Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-13 CVE-2021-39056 Unspecified vulnerability in IBM i
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service.
network
low complexity
ibm
6.5
2022-01-11 CVE-2021-29701 Unspecified vulnerability in IBM products
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system.
network
low complexity
ibm
4.3
2022-01-10 CVE-2021-38895 Cross-site Scripting vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-01-10 CVE-2021-38956 Information Exposure vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system.
network
low complexity
ibm CWE-200
5.3
2021-12-30 CVE-2021-38876 Cross-site Scripting vulnerability in IBM i 7.2/7.3/7.4
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2021-12-27 CVE-2021-38961 Cross-site Scripting vulnerability in IBM products
IBM OPENBMC OP910 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2021-12-22 CVE-2021-39013 Information Exposure vulnerability in IBM Cloud Pak for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
6.5
2021-12-21 CVE-2021-38893 Cross-site Scripting vulnerability in IBM products
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-12-21 CVE-2021-38900 Unspecified vulnerability in IBM products
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls.
network
low complexity
ibm
6.5
2021-12-21 CVE-2021-38966 Cross-site Scripting vulnerability in IBM Cloud Pak for Automation and Workflow Process Service
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4