Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-38923 | Unspecified vulnerability in IBM Powervm Hypervisor Firmware 1010 IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. | 6.5 |
| 2021-10-06 | CVE-2021-29758 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. | 4.0 |
| 2021-10-06 | CVE-2021-29760 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. | 4.0 |
| 2021-10-06 | CVE-2021-29761 | Information Exposure vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. | 4.0 |
| 2021-10-06 | CVE-2021-29837 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2021-10-06 | CVE-2021-38925 | Inadequate Encryption Strength vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0. | 5.0 |
| 2021-09-30 | CVE-2021-20554 | Cross-site Scripting vulnerability in IBM Sterling Order Management 10/9.4.0/9.5.0 IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. | 4.3 |
| 2021-09-30 | CVE-2021-29894 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-09-23 | CVE-2021-29816 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-09-23 | CVE-2020-4941 | Information Exposure Through an Error Message vulnerability in IBM Edge Application Manager 4.2 IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. | 4.0 |