Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-13 | CVE-2021-39056 | Unspecified vulnerability in IBM I The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. | 4.0 |
| 2022-01-11 | CVE-2021-29701 | Unspecified vulnerability in IBM products IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. | 4.3 |
| 2022-01-11 | CVE-2021-38991 | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. | 4.6 |
| 2022-01-10 | CVE-2021-38894 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0 IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2022-01-10 | CVE-2021-38921 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0 IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2022-01-10 | CVE-2021-38956 | Information Exposure vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0 IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. | 5.0 |
| 2022-01-10 | CVE-2021-38957 | Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0 IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. | 5.0 |
| 2022-01-10 | CVE-2021-38990 | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. | 4.6 |
| 2022-01-05 | CVE-2021-38918 | Unspecified vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. | 5.0 |
| 2021-12-30 | CVE-2021-38876 | Cross-site Scripting vulnerability in IBM I 7.2/7.3/7.4 IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. | 4.3 |