Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-03 | CVE-2021-20493 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. | 4.3 |
| 2021-12-03 | CVE-2021-29716 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. | 4.0 |
| 2021-12-03 | CVE-2021-29719 | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. | 5.3 |
| 2021-12-03 | CVE-2021-29756 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2021-12-03 | CVE-2021-29867 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. | 5.5 |
| 2021-12-01 | CVE-2021-20400 | Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-12-01 | CVE-2021-29779 | Improper Authentication vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. | 4.3 |
| 2021-12-01 | CVE-2021-29849 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. | 4.3 |
| 2021-12-01 | CVE-2021-29863 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). | 4.0 |
| 2021-11-30 | CVE-2021-38967 | Code Injection vulnerability in IBM MQ Appliance 9.2.0.0 IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. | 4.6 |