Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-27 | CVE-2021-38961 | Cross-site Scripting vulnerability in IBM products IBM OPENBMC OP910 is vulnerable to cross-site scripting. | 4.3 |
2021-12-22 | CVE-2021-39013 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. | 4.0 |
2021-12-21 | CVE-2021-38900 | Unspecified vulnerability in IBM products IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. | 4.0 |
2021-12-15 | CVE-2021-29847 | Unspecified vulnerability in IBM products BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. | 4.3 |
2021-12-14 | CVE-2021-38950 | Unspecified vulnerability in IBM MQ for HPE Nonstop 8.0.4/8.1.0 IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. | 4.4 |
2021-12-13 | CVE-2020-4496 | Improper Certificate Validation vulnerability in IBM Spectrum Protect Plus The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. | 4.3 |
2021-12-13 | CVE-2021-39048 | Out-of-bounds Write vulnerability in IBM products IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 5.5 |
2021-12-13 | CVE-2021-39049 | Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 4.6 |
2021-12-13 | CVE-2021-39050 | Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 4.6 |
2021-12-13 | CVE-2021-39057 | Server-Side Request Forgery (SSRF) vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). | 5.5 |