Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-30 | CVE-2021-20515 | Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 14.10 IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. | 4.6 |
| 2021-04-26 | CVE-2021-20432 | Unspecified vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 6.4 |
| 2021-04-26 | CVE-2020-4562 | Information Exposure vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. | 5.0 |
| 2021-04-26 | CVE-2021-29694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-04-21 | CVE-2021-20501 | Unspecified vulnerability in IBM I IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. | 6.4 |
| 2021-04-21 | CVE-2021-20454 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2021-04-20 | CVE-2021-20453 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2021-04-19 | CVE-2021-20527 | Command Injection vulnerability in IBM Resilient 26.0/26.1/26.2 IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. | 6.5 |
| 2021-04-12 | CVE-2021-20519 | Cross-site Scripting vulnerability in IBM products IBM Jazz Team Server products are vulnerable to cross-site scripting. | 4.3 |
| 2021-04-12 | CVE-2020-4965 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |