Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-20 CVE-2021-29688 Information Exposure Through an Error Message vulnerability in IBM Security Identity Manager 6.0.2/7.0.2
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
7.5
2021-05-20 CVE-2021-29691 Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager 7.0.2
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2021-05-17 CVE-2021-29747 Unspecified vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism.
network
low complexity
ibm
7.5
2021-05-14 CVE-2020-4985 Unspecified vulnerability in IBM Planning Analytics Local 2.0.0
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query.
network
low complexity
ibm
7.5
2021-05-14 CVE-2021-20393 Information Exposure Through an Error Message vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
7.5
2021-05-06 CVE-2020-28198 Out-of-bounds Write vulnerability in IBM Tivoli Storage Manager 5.2.0.1
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow.
local
high complexity
ibm CWE-787
7.0
2021-05-05 CVE-2021-20401 Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
7.8
2021-05-05 CVE-2020-5013 XXE vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
2021-05-05 CVE-2020-4932 Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
7.8
2021-04-27 CVE-2021-29667 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection.
local
low complexity
ibm CWE-1236
7.8