Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-20439 Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
network
low complexity
ibm CWE-522
7.5
2021-07-15 CVE-2021-29725 Allocation of Resources Without Limits or Throttling vulnerability in IBM products
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
network
low complexity
ibm CWE-770
7.5
2021-07-13 CVE-2021-20360 Inadequate Encryption Strength vulnerability in IBM Cloud PAK for Applications 4.3
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2021-07-13 CVE-2021-20422 Unspecified vulnerability in IBM Cloud PAK for Applications
IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory.
network
low complexity
ibm
7.5
2021-07-13 CVE-2021-20423 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications
IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions.
network
low complexity
ibm CWE-732
8.8
2021-07-12 CVE-2020-4938 Cross-Site Request Forgery (CSRF) vulnerability in IBM MQ Appliance
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-07-12 CVE-2021-29792 Improper Privilege Management vulnerability in IBM Event Streams
IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user.
network
low complexity
ibm CWE-269
7.2
2021-07-12 CVE-2021-29794 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Tivoli Netcool/Impact 7.1.0.20/7.1.0.21
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-07-09 CVE-2021-29730 SQL Injection vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2021-07-07 CVE-2021-20378 Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
8.8