Ibm: Security Vulnerabilities
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.
CVSS Score
5.7
EPSS Score
0.006
Published
2022-04-27
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.
CVSS Score
5.7
EPSS Score
0.006
Published
2022-04-27
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-27
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.
CVSS Score
3.1
EPSS Score
0.002
Published
2022-04-27
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-04-27
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.
CVSS Score
6.8
EPSS Score
0.002
Published
2022-04-25
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-04-25
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-04-22
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-22
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-04-22