Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-29697 | Unspecified vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. | 4.9 |
| 2021-07-29 | CVE-2021-20505 | Unspecified vulnerability in IBM Powervm Hypervisor The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. | 4.4 |
| 2021-07-28 | CVE-2020-4974 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). | 6.3 |
| 2021-07-28 | CVE-2020-5004 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation products are vulnerable to cross-site scripting. | 5.4 |
| 2021-07-27 | CVE-2021-20562 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. | 5.4 |
| 2021-07-26 | CVE-2020-4623 | Uncontrolled Search Path Element vulnerability in IBM I2 Ibase 8.9.13 IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. | 6.5 |
| 2021-07-26 | CVE-2021-20430 | Information Exposure Through an Error Message vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2 IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-07-26 | CVE-2021-20431 | Insufficient Session Expiration vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1/9.2.2 IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. | 6.5 |
| 2021-07-26 | CVE-2021-20560 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Sterling Connect Direct User Interface 1.4.1.1/1.5.0.2 IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
| 2021-07-26 | CVE-2021-29766 | Information Exposure Through an Error Message vulnerability in IBM I2 Analyze 4.3.0/4.3.1/4.3.2 IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |