Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-15 | CVE-2021-20439 | Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | 7.5 |
2021-07-15 | CVE-2021-29725 | Allocation of Resources Without Limits or Throttling vulnerability in IBM products IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | 7.5 |
2021-07-13 | CVE-2021-20360 | Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications 4.3 IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-07-13 | CVE-2021-20422 | Unspecified vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. | 7.5 |
2021-07-13 | CVE-2021-20423 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. | 8.8 |
2021-07-12 | CVE-2020-4938 | Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-07-12 | CVE-2021-29792 | Improper Privilege Management vulnerability in IBM Event Streams IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. | 7.2 |
2021-07-12 | CVE-2021-29794 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Tivoli Netcool/Impact 7.1.0.20/7.1.0.21 IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-07-09 | CVE-2021-29730 | SQL Injection vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. | 8.8 |
2021-07-07 | CVE-2021-20378 | Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |