Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-38877 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2020-4941 | Information Exposure Through an Error Message vulnerability in IBM Edge Application Manager 4.2 IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. | 4.3 |
| 2021-09-23 | CVE-2021-20434 | Insufficiently Protected Credentials vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. | 4.4 |
| 2021-09-23 | CVE-2021-20435 | Improper Certificate Validation vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. | 5.5 |
| 2021-09-23 | CVE-2021-20484 | Cross-site Scripting vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2021-20485 | Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2021-09-23 | CVE-2021-20563 | Unspecified vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. | 4.3 |
| 2021-09-23 | CVE-2021-29800 | Cross-site Scripting vulnerability in IBM products IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2021-38863 | Insufficiently Protected Credentials vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. | 5.5 |
| 2021-09-21 | CVE-2021-29795 | Injection vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. | 6.0 |