Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-15 | CVE-2020-4951 | Information Exposure vulnerability in IBM Cognos Analytics 11.1.7/11.2.0 IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | 2.1 |
| 2021-10-12 | CVE-2021-38862 | Inadequate Encryption Strength vulnerability in IBM Data Risk Manager 2.0.6 IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-10-12 | CVE-2021-38915 | Cleartext Storage of Sensitive Information vulnerability in IBM Data Risk Manager 2.0.6 IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. | 4.0 |
| 2021-10-08 | CVE-2020-4654 | Incorrect Authorization vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. | 4.0 |
| 2021-10-08 | CVE-2021-29906 | Unspecified vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. local ibm | 1.9 |
| 2021-10-07 | CVE-2021-20372 | Improper Authentication vulnerability in IBM Sterling B2B Integrator IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. | 4.0 |
| 2021-10-07 | CVE-2021-20375 | Improper Authentication vulnerability in IBM Sterling B2B Integrator IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. | 4.0 |
| 2021-10-07 | CVE-2021-20376 | Information Exposure vulnerability in IBM Sterling B2B Integrator IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. | 4.0 |
| 2021-10-07 | CVE-2021-20473 | Insufficient Session Expiration vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 4.0 |
| 2021-10-07 | CVE-2021-20481 | Cross-site Scripting vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. | 4.3 |