Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-38951 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request.
network
low complexity
ibm
7.5
2021-12-09 CVE-2021-39002 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm netapp CWE-327
7.5
2021-12-03 CVE-2021-20470 Weak Password Requirements vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm netapp CWE-521
7.5
2021-12-03 CVE-2021-29756 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm netapp CWE-352
8.8
2021-12-01 CVE-2021-20400 Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2021-11-24 CVE-2021-38873 Injection vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection.
local
low complexity
ibm CWE-74
7.8
2021-11-23 CVE-2021-38890 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2021-11-23 CVE-2021-38891 Inadequate Encryption Strength vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2021-11-15 CVE-2021-38979 Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
network
low complexity
ibm CWE-916
7.5
2021-11-15 CVE-2021-38983 Inadequate Encryption Strength vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5