Vulnerabilities > IBM

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-10-15 | CVE-2020-4951 | Information Exposure vulnerability in IBM Cognos Analytics 11.1.7/11.2.0 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data that could allow a local attacker to obtain sensitive information. | local | low complexity | ibm | CWE-200 | 2.1 |
| 2021-10-12 | CVE-2021-38862 | Inadequate Encryption Strength vulnerability in IBM Data Risk Manager 2.0.6 | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm | CWE-326 | 5.0 |
| 2021-10-12 | CVE-2021-38915 | Cleartext Storage of Sensitive Information vulnerability in IBM Data Risk Manager 2.0.6 | IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. | network | low complexity | ibm | CWE-312 | 4.0 |
| 2021-10-08 | CVE-2020-4654 | Incorrect Authorization vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. | network | low complexity | ibm | CWE-863 | 4.0 |
| 2021-10-08 | CVE-2021-29906 | Unspecified vulnerability in IBM App Connect Enterprise Certified Container | IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. | local | | ibm | | 1.9 |
| 2021-10-07 | CVE-2021-20372 | Improper Authentication vulnerability in IBM Sterling B2B Integrator | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. | network | low complexity | ibm | CWE-287 | 4.0 |
| 2021-10-07 | CVE-2021-20375 | Improper Authentication vulnerability in IBM Sterling B2B Integrator | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. | network | low complexity | ibm | CWE-287 | 4.0 |
| 2021-10-07 | CVE-2021-20376 | Information Exposure vulnerability in IBM Sterling B2B Integrator | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. | network | low complexity | ibm | CWE-200 | 4.0 |
| 2021-10-07 | CVE-2021-20473 | Insufficient Session Expiration vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | network | low complexity | ibm | CWE-613 | 4.0 |
| 2021-10-07 | CVE-2021-20481 | Cross-site Scripting vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. | network | | ibm | CWE-79 | 4.3 |