CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-31770 DoS 2022-07-05 2022-07-13
4.0
None Remote Low ??? None None Partial
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
2 CVE-2022-22482 434 DoS 2022-05-17 2022-05-26
4.0
None Remote Low ??? None None Partial
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.
3 CVE-2022-22475 20 2022-05-17 2022-06-21
4.0
None Remote Low ??? None Partial None
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
4 CVE-2022-22465 2022-07-08 2022-07-16
4.6
None Local Low Not required Partial Partial Partial
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.
5 CVE-2022-22441 269 2022-04-28 2022-05-06
4.0
None Remote Low ??? Partial None None
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.
6 CVE-2022-22427 79 XSS 2022-04-28 2022-05-06
4.3
None Remote Medium Not required None Partial None
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720.
7 CVE-2022-22404 770 DoS 2022-04-01 2022-04-08
4.0
None Remote Low ??? None None Partial
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.
8 CVE-2022-22391 200 +Info 2022-04-14 2022-04-23
4.0
None Remote Low ??? Partial None None
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059.
9 CVE-2022-22365 2022-05-20 2022-06-02
4.3
None Remote Medium Not required None Partial None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.
10 CVE-2022-22361 352 CSRF 2022-05-31 2022-06-10
4.3
None Remote Medium Not required None Partial None
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
11 CVE-2022-22356 203 2022-04-05 2022-04-18
4.0
None Remote Low ??? Partial None None
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.
12 CVE-2022-22349 22 Dir. Trav. 2022-02-24 2022-03-02
4.0
None Remote Low ??? None Partial None
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
13 CVE-2022-22344 116 XSS 2022-03-14 2022-03-22
4.3
None Remote Medium Not required None Partial None
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038
14 CVE-2022-22316 DoS 2022-03-23 2022-03-29
4.0
None Remote Low ??? None None Partial
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.
15 CVE-2021-39074 79 XSS 2022-06-29 2022-07-07
4.3
None Remote Medium Not required None Partial None
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
16 CVE-2021-39056 DoS 2022-01-13 2022-01-22
4.0
None Remote Low ??? None None Partial
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537.
17 CVE-2021-39050 787 Overflow +Priv 2021-12-13 2021-12-16
4.6
None Local Low Not required Partial Partial Partial
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440.
18 CVE-2021-39049 787 Overflow +Priv 2021-12-13 2021-12-16
4.6
None Local Low Not required Partial Partial Partial
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.
19 CVE-2021-39047 79 XSS 2022-06-24 2022-10-28
4.3
None Remote Medium Not required None Partial None
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
20 CVE-2021-39046 522 2022-03-18 2022-07-12
4.0
None Remote Low ??? Partial None None
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.
21 CVE-2021-39027 116 2022-05-06 2023-01-24
4.0
None Remote Low ??? None Partial None
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.
22 CVE-2021-39026 319 +Info 2022-02-18 2022-07-12
4.3
None Remote Medium Not required Partial None None
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964.
23 CVE-2021-39024 79 XSS 2022-05-10 2022-05-16
4.3
None Remote Medium Not required None Partial None
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862.
24 CVE-2021-38991 Exec Code 2022-01-11 2022-07-12
4.6
None Local Low Not required Partial Partial Partial
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.
25 CVE-2021-38990 Exec Code 2022-01-10 2022-01-13
4.6
None Local Low Not required Partial Partial Partial
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.
26 CVE-2021-38989 DoS 2022-03-07 2022-07-12
4.9
None Local Low Not required None None Complete
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.
27 CVE-2021-38988 DoS 2022-03-07 2022-07-12
4.9
None Local Low Not required None None Complete
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.
28 CVE-2021-38985 20 2021-11-12 2021-11-16
4.0
None Remote Low ??? None Partial None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
29 CVE-2021-38973 20 2021-11-12 2021-11-16
4.0
None Remote Low ??? None Partial None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
30 CVE-2021-38972 20 2021-11-12 2021-11-16
4.0
None Remote Low ??? None Partial None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
31 CVE-2021-38971 Bypass +Info 2022-03-14 2022-07-12
4.0
None Remote Low ??? Partial None None
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620.
32 CVE-2021-38967 94 Exec Code 2021-11-30 2021-11-30
4.6
None Local Low Not required Partial Partial Partial
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.
33 CVE-2021-38950 2021-12-14 2022-07-12
4.4
None Local Medium Not required Partial Partial Partial
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.
34 CVE-2021-38944 79 XSS 2022-05-18 2022-05-26
4.3
None Remote Medium Not required None Partial None
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236.
35 CVE-2021-38915 312 2021-10-12 2021-10-18
4.0
None Remote Low ??? Partial None None
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.
36 CVE-2021-38905 668 2022-04-22 2022-06-03
4.0
None Remote Low ??? Partial None None
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
37 CVE-2021-38904 668 2022-04-22 2022-06-03
4.3
None Remote Medium Not required Partial None None
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
38 CVE-2021-38900 +Info 2021-12-21 2022-07-12
4.0
None Remote Low ??? Partial None None
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.
39 CVE-2021-38894 209 +Info 2022-01-10 2022-01-13
4.0
None Remote Low ??? Partial None None
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.
40 CVE-2021-38887 200 +Info 2021-11-10 2021-11-12
4.0
None Remote Low ??? Partial None None
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.
41 CVE-2021-38876 79 XSS 2021-12-30 2022-01-10
4.3
None Remote Medium Not required None Partial None
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.
42 CVE-2021-38875 DoS 2021-11-23 2021-11-24
4.0
None Remote Low ??? None None Partial
IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.
43 CVE-2021-29899 DoS 2022-03-18 2022-03-24
4.0
None Remote Low ??? None None Partial
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
44 CVE-2021-29883 311 2021-10-21 2022-07-12
4.3
None Remote Medium Not required Partial None None
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090.
45 CVE-2021-29880 2021-08-13 2022-07-12
4.0
None Remote Low ??? Partial None None
IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979.
46 CVE-2021-29862 DoS 2021-08-26 2021-09-07
4.9
None Local Low Not required None None Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.
47 CVE-2021-29859 +Info 2022-05-02 2022-05-11
4.6
None Local Low Not required Partial Partial Partial
IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.
48 CVE-2021-29856 DoS 2021-09-20 2021-09-28
4.0
None Remote Low ??? None None Partial
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.
49 CVE-2021-29854 116 XSS 2022-05-03 2022-05-11
4.3
None Remote Medium Not required None Partial None
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.
50 CVE-2021-29853 252 2021-09-01 2021-09-09
4.0
None Remote Low ??? Partial None None
IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.
Total number of vulnerabilities : 1489   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.