Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-20 | CVE-2021-29856 | Unspecified vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0. IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. | 6.5 |
2021-09-20 | CVE-2021-38899 | Unspecified vulnerability in IBM Cloud PAK for Data 2.5. IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. | 4.4 |
2021-09-16 | CVE-2021-29752 | Unspecified vulnerability in IBM DB2 11.2/11.5. IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. | 4.4 |
2021-09-16 | CVE-2021-29763 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 11.1/11.5. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. | 5.1 |
2021-09-16 | CVE-2021-29842 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server. IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. | 5.3 |
2021-09-15 | CVE-2021-20433 | Unspecified vulnerability in IBM Security Guardium 11.3. IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. | 6.5 |
2021-09-15 | CVE-2021-29773 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Security Guardium 10.6/11.3. IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). | 5.4 |
2021-09-14 | CVE-2021-20508 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server. IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2021-09-14 | CVE-2021-20569 | Improper Input Validation vulnerability in IBM Security Secret Server. IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. | 5.3 |
2021-09-14 | CVE-2021-20582 | Information Exposure vulnerability in IBM Security Secret Server. IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. | 5.3 |