Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-15 | CVE-2021-38983 | Inadequate Encryption Strength vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-11-15 | CVE-2021-38984 | Inadequate Encryption Strength vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-11-12 | CVE-2020-4146 | Information Exposure vulnerability in IBM Security Siteprotector System 3.1.1.0 IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. | 5.0 |
| 2021-11-12 | CVE-2021-38972 | Improper Input Validation vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 4.0 |
| 2021-11-12 | CVE-2021-38973 | Improper Input Validation vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 4.0 |
| 2021-11-12 | CVE-2021-38985 | Improper Input Validation vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 4.0 |
| 2021-11-10 | CVE-2021-38887 | Information Exposure vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. | 4.0 |
| 2021-11-08 | CVE-2020-4152 | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Network Security IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. | 4.3 |
| 2021-11-08 | CVE-2020-4160 | Unspecified vulnerability in IBM Qradar Network Security IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. network ibm | 4.3 |
| 2021-11-08 | CVE-2021-29843 | Unspecified vulnerability in IBM MQ Appliance IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. | 4.0 |