VYPR

Vendor CVEs

IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2021-20343MedJun 2, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…

  • CVE-2021-20338MedJun 2, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-5030MedJun 2, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2020-4977MedJun 2, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2021-20585MedJun 1, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.

  • CVE-2020-4354MedJun 1, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2019-4653MedJun 1, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2021-20428MedMay 24, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315.

  • CVE-2021-29681MedMay 21, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.

  • CVE-2021-29687MedMay 20, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018

  • CVE-2021-29682MedMay 20, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997

  • CVE-2021-20529MedMay 19, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.

  • CVE-2021-20528MedMay 19, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20374MedMay 19, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2021-20565MedMay 14, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID:…

  • CVE-2021-20429MedMay 14, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334.

  • CVE-2021-20535MedMay 13, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM…

  • CVE-2020-4535MedMay 11, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20559MedMay 10, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2020-4929MedMay 5, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4987MedMay 4, 2021
    risk 0.35cvss 5.4epss 0.01

    The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2021-29666MedApr 27, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2021-20550MedApr 27, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20549MedApr 27, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20448MedApr 27, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4562MedApr 26, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.

  • CVE-2021-20519MedApr 12, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4920MedApr 12, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2020-4997MedApr 5, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2020-4792MedApr 5, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441.

  • CVE-2021-20520MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20518MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20506MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20504MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20503MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20447MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20352MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4848MedMar 30, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.

  • CVE-2020-4635MedMar 19, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.

  • CVE-2021-20336MedMar 11, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2021-20341MedMar 9, 2021
    risk 0.35cvss 5.3epss 0.01

    IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513.

  • CVE-2021-20351MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20350MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20340MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4975MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4866MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4863MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2020-4857MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2020-4856MedMar 4, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2021-20446MedFeb 18, 2021
    risk 0.35cvss 5.4epss 0.01

    IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

Page 63 of 166