Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-29703 | Command Injection vulnerability in IBM DB2 Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. | 5.0 |
| 2021-06-24 | CVE-2021-29777 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031. | 4.0 |
| 2021-06-16 | CVE-2021-20483 | Server-Side Request Forgery (SSRF) vulnerability in IBM Security Identity Manager 6.0.2 IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). | 4.0 |
| 2021-06-16 | CVE-2021-20566 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0 IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-06-16 | CVE-2021-29702 | Injection vulnerability in IBM DB2 Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. | 5.0 |
| 2021-06-15 | CVE-2020-5000 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.0.2/3.2.4 IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. | 5.4 |
| 2021-06-11 | CVE-2020-5003 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2021-06-11 | CVE-2021-29754 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). | 6.5 |
| 2021-06-07 | CVE-2020-5008 | Insecure Storage of Sensitive Information vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. | 5.0 |
| 2021-06-07 | CVE-2021-20517 | Path Traversal vulnerability in IBM Websphere Application Server ND IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. | 6.5 |