Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-17 | CVE-2021-29706 | Unspecified vulnerability in IBM AIX 7.1.0 IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. | 7.1 |
| 2021-06-16 | CVE-2021-20566 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0 IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-06-16 | CVE-2021-29702 | Injection vulnerability in IBM DB2 Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. | 7.5 |
| 2021-06-11 | CVE-2021-29754 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). | 8.8 |
| 2021-06-07 | CVE-2021-20517 | Path Traversal vulnerability in IBM Websphere Application Server ND IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. | 8.8 |
| 2021-06-03 | CVE-2021-20380 | Unspecified vulnerability in IBM Qradar Advisor With Watson IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. | 7.5 |
| 2021-06-02 | CVE-2020-4495 | Unspecified vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. | 8.8 |
| 2021-06-01 | CVE-2019-4723 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. | 7.5 |
| 2021-06-01 | CVE-2019-4724 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. | 7.5 |
| 2021-06-01 | CVE-2019-4730 | XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |