Ibm: Security Vulnerabilities
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-06-24
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-06-24
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-06-24
IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-06-21
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-06-20
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-06-20
IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026.
CVSS Score
5.1
EPSS Score
0.0
Published
2022-06-20
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-06-17
IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.
CVSS Score
2.7
EPSS Score
0.002
Published
2022-06-17
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-06-15