Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-22 | CVE-2021-29835 | Cross-site Scripting vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. | 4.3 |
2021-10-21 | CVE-2021-29873 | Unspecified vulnerability in IBM products IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. | 5.5 |
2021-10-21 | CVE-2021-29883 | Missing Encryption of Sensitive Data vulnerability in IBM Transformation Extender Advanced IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2021-10-20 | CVE-2021-38896 | Cross-site Scripting vulnerability in IBM Qradar Advisor 2.5.0/2.5.1/2.6.1 IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. | 4.3 |
2021-10-19 | CVE-2021-38911 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Risk Manager on Cp4S 1.7.2.0 IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. | 4.0 |
2021-10-15 | CVE-2021-29679 | Code Injection vulnerability in multiple products IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. | 6.5 |
2021-10-15 | CVE-2021-29745 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the 'New Job' page to which they should not have access. | 6.5 |
2021-10-12 | CVE-2021-38862 | Inadequate Encryption Strength vulnerability in IBM Data Risk Manager 2.0.6 IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2021-10-12 | CVE-2021-38915 | Cleartext Storage of Sensitive Information vulnerability in IBM Data Risk Manager 2.0.6 IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. | 4.0 |
2021-10-08 | CVE-2020-4654 | Unspecified vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. | 4.0 |