Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-25 | CVE-2021-29677 | Cross-site Scripting vulnerability in IBM Security Verify: IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. | 5.4 |
2021-06-24 | CVE-2020-4885 | Link Following vulnerability in IBM DB2 11.5: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. | 4.7 |
2021-06-24 | CVE-2021-20579 | Unspecified vulnerability in IBM DB2: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. | 6.5 |
2021-06-24 | CVE-2021-29777 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM DB2: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under the specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031. | 6.5 |
2021-06-16 | CVE-2021-20483 | Server-Side Request Forgery (SSRF) vulnerability in IBM Security Identity Manager 6.0.2: IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). | 6.5 |
2021-06-16 | CVE-2021-20488 | Unspecified vulnerability in IBM Security Identity Manager 6.0.2: IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. | 6.5 |
2021-06-16 | CVE-2021-20567 | Missing Encryption of Sensitive Data vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0: IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexistent encryption. IBM X-Force ID: 199239. | 4.4 |
2021-06-15 | CVE-2020-5000 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.0.2/3.2.4: IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. | 5.4 |
2021-06-07 | CVE-2020-5008 | Insecure Storage of Sensitive Information vulnerability in IBM Datapower Gateway: IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. | 5.3 |
2021-06-02 | CVE-2020-4732 | Unspecified vulnerability in IBM products: IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. | 6.5 |