CVE-2021-20536
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. Devamını Oku
Devamını oku
CVE-2021-20532
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. Devamını Oku
CVE-2021-20527
IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759. Devamını Oku
CVE-2021-20526 (planning_analytics)
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. Devamını Oku
CVE-2021-20526
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. Devamını Oku
CVE-2021-20520 (engineering_insights, engineering_lifecycle_management, engineering_requirements_quality_assistant_on-premises, engineering_workflow_management, rational_engineering_lifecycle_manager, rational_team_concert)
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572. Devamını Oku
CVE-2021-20518 (engineering_insights, engineering_lifecycle_management, engineering_requirements_quality_assistant_on-premises, engineering_workflow_management, rational_engineering_lifecycle_manager, rational_team_concert)
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437. Devamını Oku
CVE-2021-20515 (informix_dynamic_server)
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. Devamını Oku
CVE-2021-20509
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. Devamını Oku
CVE-2021-20508
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. Devamını Oku
CVE-2021-20507
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235. Devamını Oku
CVE-2021-20506 (engineering_insights, engineering_lifecycle_management, engineering_requirements_quality_assistant_on-premises, engineering_workflow_management, rational_engineering_lifecycle_manager, rational_team_concert)
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231. Devamını Oku