Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2022-22494 | Unspecified vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. | 5.3 |
| 2022-06-29 | CVE-2021-39074 | Cross-site Scripting vulnerability in IBM Security Guardium 11.4 IBM Security Guardium 11.4 is vulnerable to cross-site scripting. | 4.3 |
| 2022-06-24 | CVE-2021-20355 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
| 2022-06-24 | CVE-2021-20421 | Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). | 4.0 |
| 2022-06-24 | CVE-2021-20543 | Cross-site Scripting vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. | 5.4 |
| 2022-06-24 | CVE-2021-20544 | Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). | 4.0 |
| 2022-06-24 | CVE-2021-29865 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. | 4.9 |
| 2022-06-24 | CVE-2021-38879 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
| 2022-06-24 | CVE-2022-22389 | SQL Injection vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. | 6.5 |
| 2022-06-24 | CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. | 6.5 |