Filtered by vendor Ibm
Subscribe
Total
7009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4269 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845. | |||||
| CVE-2020-4270 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-06-29 | 4.6 MEDIUM | 7.8 HIGH |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846. | |||||
| CVE-2020-4854 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. | |||||
| CVE-2020-4584 | 1 Ibm | 1 I2 Ibase | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574. | |||||
| CVE-2020-4280 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-06-29 | 9.0 HIGH | 8.8 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140. | |||||
| CVE-2021-39006 | 2 Ibm, Linux | 2 Qradar Wincollect, Linux Kernel | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549. | |||||
| CVE-2021-20584 | 1 Ibm | 1 Sterling B2b Integrator | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. | |||||
| CVE-2020-4732 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126. | |||||
| CVE-2021-20579 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2022-06-28 | 3.5 LOW | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. | |||||
| CVE-2021-20375 | 1 Ibm | 1 Sterling B2b Integrator | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. | |||||
| CVE-2021-20416 | 1 Ibm | 1 Guardium Data Encryption | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. | |||||
| CVE-2020-4985 | 1 Ibm | 1 Planning Analytics Local | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. | |||||
| CVE-2021-29761 | 1 Ibm | 1 Sterling B2b Integrator | 2022-06-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. | |||||
| CVE-2021-29779 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-06-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033. | |||||
| CVE-2021-38887 | 1 Ibm | 1 Infosphere Information Server | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401. | |||||
| CVE-2020-4562 | 1 Ibm | 1 Planning Analytics | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. | |||||
| CVE-2020-4670 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2022-06-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. | |||||
| CVE-2021-29825 | 5 Ibm, Linux, Microsoft and 2 more | 6 Aix, Db2, Linux Kernel and 3 more | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470. | |||||
| CVE-2020-4883 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907. | |||||
| CVE-2021-29703 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659. | |||||