Ibm: Security Vulnerabilities
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. IBM X-Force ID: 199396.
CVSS Score
6.2
EPSS Score
0.002
Published
2021-06-25
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking
CVSS Score
4.6
EPSS Score
0.001
Published
2021-06-25
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-06-25
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-06-24
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-06-24
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-06-24
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-06-24
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-06-24
IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663.
CVSS Score
6.8
EPSS Score
0.0
Published
2021-06-17
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-06-16