Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2021-20355 Exposure of Resource to Wrong Sphere vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-668
5.0
2022-06-24 CVE-2021-20421 Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.0
2022-06-24 CVE-2021-20544 Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.0
2022-06-24 CVE-2021-29865 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim.
network
ibm CWE-1021
4.9
2022-06-24 CVE-2021-38879 Exposure of Resource to Wrong Sphere vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-668
5.0
2022-06-24 CVE-2022-22389 SQL Injection vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user.
network
low complexity
ibm CWE-89
4.0
2022-06-24 CVE-2022-22390 Improper Privilege Management vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used.
network
low complexity
ibm CWE-269
5.0
2022-06-24 CVE-2021-29768 Exposure of Resource to Wrong Sphere vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access.
network
low complexity
ibm CWE-668
4.0
2022-06-24 CVE-2021-39047 Cross-site Scripting vulnerability in IBM Cognos Analytics and Planning Analytics
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2022-06-21 CVE-2021-39006 Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1
IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices.
network
low complexity
ibm
5.0