Security Vulnerabilities - CVEs Published In 2021
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.
CVSS Score
9.8
EPSS Score
0.027
Published
2021-12-13
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.
CVSS Score
5.1
EPSS Score
0.0
Published
2021-12-13
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.
CVSS Score
6.2
EPSS Score
0.002
Published
2021-12-13
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-12-13
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-12-13
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.
CVSS Score
5.6
EPSS Score
0.005
Published
2021-12-13
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-12-13
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-12-13
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-12-13
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-12-13