Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-26 | CVE-2021-29770 | Missing Authorization vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2 IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. | 4.0 |
| 2021-07-26 | CVE-2021-29784 | Information Exposure Through an Error Message vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2 IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2021-07-19 | CVE-2021-29780 | Improper Input Validation vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0/38.2 IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. | 6.5 |
| 2021-07-16 | CVE-2020-4675 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Master Data Management Server 11.6 IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2021-07-16 | CVE-2020-4821 | Improper Authentication vulnerability in IBM products IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. | 6.8 |
| 2021-07-15 | CVE-2021-20496 | Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. | 4.0 |
| 2021-07-15 | CVE-2021-20497 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-07-15 | CVE-2021-20498 | Information Exposure vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. | 5.0 |
| 2021-07-15 | CVE-2021-20499 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2021-07-15 | CVE-2021-20511 | Path Traversal vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. | 6.8 |