Ibm: Security Vulnerabilities
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-09-15
IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-15
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-14
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.
CVSS Score
2.7
EPSS Score
0.001
Published
2021-09-14
IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-09-14
IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.
CVSS Score
3.7
EPSS Score
0.002
Published
2021-09-14
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-09-01
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-09-01
IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-09-01
IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-08-31