Total
34579 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20540 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923. | |||||
| CVE-2021-20539 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920. | |||||
| CVE-2021-20533 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 | |||||
| CVE-2021-20529 | 1 Ibm | 1 Control Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763. | |||||
| CVE-2021-20505 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM |
| The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232 | |||||
| CVE-2021-20501 | 1 Ibm | 1 I | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056. | |||||
| CVE-2021-20500 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. | |||||
| CVE-2021-20488 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. | |||||
| CVE-2021-20486 | 3 Ibm, Linux, Redhat | 3 Cloud Pak For Data, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. | |||||
| CVE-2021-20478 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. | |||||
| CVE-2021-20440 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536. | |||||
| CVE-2021-20433 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. | |||||
| CVE-2021-20422 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304. | |||||
| CVE-2021-20404 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078. | |||||
| CVE-2021-20385 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766. | |||||
| CVE-2021-20380 | 1 Ibm | 1 Qradar Advisor With Watson | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712. | |||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | |||||
| CVE-2021-20341 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. | |||||
| CVE-2021-20332 | 1 Mongodb | 1 Rust Driver | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM |
| Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default. This issue affects MongoDB Rust Driver version 2.0.0-alpha, MongoDB Rust Driver version 2.0.0-alpha1 and MongoDB Rust Driver version 1.0.0 through to and including 1.2.1 | |||||
| CVE-2021-20306 | 1 Redhat | 3 Descision Manager, Jbpm, Process Automation | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. | |||||