Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-30 | CVE-2021-29864 | Open Redirect vulnerability in IBM Security Identity Manager 6.0.0/6.0.2 IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2022-08-29 | CVE-2021-38934 | Cross-site Scripting vulnerability in IBM products IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2022-08-26 | CVE-2022-35714 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.1/7.6.1.2 IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. | 5.4 |
| 2022-08-26 | CVE-2021-3669 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the Linux kernel. | 5.5 |
| 2022-08-22 | CVE-2021-29891 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM products IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. | 4.9 |
| 2022-08-16 | CVE-2021-39035 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. | 5.4 |
| 2022-08-16 | CVE-2021-39086 | Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2022-08-16 | CVE-2021-39087 | Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. | 6.5 |
| 2022-08-10 | CVE-2022-22411 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Scale Data Access Services 5.1.3.1 IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. | 6.5 |
| 2022-08-10 | CVE-2022-22490 | Files or Directories Accessible to External Parties vulnerability in IBM products IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. | 4.9 |