Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-26 | CVE-2021-20487 | Improper Verification of Cryptographic Signature vulnerability in IBM products: IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware, bypassing the host firmware signature verification process. | 6.5 |
2021-05-26 | CVE-2021-20492 | XXE vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2021-05-25 | CVE-2020-4839 | Out-of-bounds Write vulnerability in IBM products: IBM Host firmware for LC-class Systems is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 4.0 |
2021-05-25 | CVE-2021-29708 | Unspecified vulnerability in IBM Spectrum Scale 5.1.0.1: IBM Spectrum Scale 5.1.0.1 could allow a local user with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. | 4.6 |
2021-05-24 | CVE-2020-4990 | SQL Injection vulnerability in IBM Security Guardium 11.2: IBM Security Guardium 11.2 is vulnerable to SQL injection. | 6.5 |
2021-05-24 | CVE-2021-20386 | Cross-site Scripting vulnerability in IBM Security Guardium 11.2: IBM Security Guardium 11.2 is vulnerable to cross-site scripting. | 4.3 |
2021-05-24 | CVE-2021-20419 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium 11.2: IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2021-05-24 | CVE-2021-20428 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium 11.2: IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
2021-05-21 | CVE-2021-29681 | Information Exposure vulnerability in IBM InfoSphere Information Server 11.7: IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. | 5.0 |
2021-05-20 | CVE-2020-4850 | Improper Encoding or Escaping of Output vulnerability in IBM Gpfs.Tct.Server: IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. | 5.0 |