Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2021-20478 | Information Exposure vulnerability in IBM Cloud PAK System 2.3 IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. | 2.1 |
| 2021-07-19 | CVE-2020-5031 | Cross-Site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 3.5 |
| 2021-07-19 | CVE-2021-20507 | Cross-Site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 3.5 |
| 2021-07-19 | CVE-2021-29707 | Improper Privilege Management vulnerability in IBM Hardware Management Console 9.1.910.0/9.2.950.0 IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. | 7.2 |
| 2021-07-19 | CVE-2021-29780 | Improper Input Validation vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0/38.2 IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. | 6.5 |
| 2021-07-16 | CVE-2020-4675 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server 11.6 IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-07-16 | CVE-2020-4821 | Improper Authentication vulnerability in IBM products IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. | 6.8 |
| 2021-07-16 | CVE-2020-4980 | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. | 3.3 |
| 2021-07-15 | CVE-2021-20496 | Improper Input Validation vulnerability in multiple products IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. | 4.0 |
| 2021-07-15 | CVE-2021-20497 | USE of A Broken OR Risky Cryptographic Algorithm vulnerability in multiple products IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |