Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2021-20478 Information Exposure vulnerability in IBM Cloud Pak System 2.3
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console.
local
low complexity
ibm CWE-200
2.1
2021-07-19 CVE-2020-5031 Cross-Site Scripting vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2021-07-19 CVE-2021-20507 Cross-Site Scripting vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2021-07-19 CVE-2021-29707 Improper Privilege Management vulnerability in IBM Hardware Management Console 9.1.910.0/9.2.950.0
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell.
local
low complexity
ibm CWE-269
7.2
2021-07-19 CVE-2021-29780 Improper Input Validation vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0/38.2
IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation.
network
low complexity
ibm CWE-20
6.5
2021-07-16 CVE-2020-4675 Cross-Site Request Forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management Server 11.6
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
4.3
2021-07-16 CVE-2020-4821 Improper Authentication vulnerability in IBM products
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string.
network
ibm CWE-287
6.8
2021-07-16 CVE-2020-4980 Cleartext Transmission of Sensitive Information vulnerability in IBM QRadar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest.
low complexity
ibm CWE-319
3.3
2021-07-15 CVE-2021-20496 Improper Input Validation vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation.
network
low complexity
ibm docker CWE-20
4.0
2021-07-15 CVE-2021-20497 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm docker CWE-327
5.0