Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-21 | CVE-2021-29873 | Unspecified vulnerability in IBM products IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. | 8.1 |
2021-10-15 | CVE-2021-29679 | Code Injection vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. | 8.8 |
2021-10-15 | CVE-2021-29745 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower-level user could have access to the 'New Job' page, to which they should not have access. | 8.8 |
2021-10-12 | CVE-2021-38862 | Inadequate Encryption Strength vulnerability in IBM Data Risk Manager 2.0.6 IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-10-07 | CVE-2021-20489 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-10-07 | CVE-2021-20584 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. | 7.5 |
2021-10-06 | CVE-2021-29837 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-10-06 | CVE-2021-38925 | Inadequate Encryption Strength vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0. | 7.5 |
2021-09-30 | CVE-2021-29894 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-09-23 | CVE-2021-38864 | Improper Certificate Validation vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. | 7.5 |