Ibm: Security Vulnerabilities
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-05-26
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
CVSS Score
8.0
EPSS Score
0.001
Published
2021-05-26
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-05-26
IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to delete arbitrary files on the system. IBM X-Force ID: 200558.
CVSS Score
4.9
EPSS Score
0.009
Published
2021-05-25
IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-05-25
IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037.
CVSS Score
4.9
EPSS Score
0.007
Published
2021-05-25
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.
CVSS Score
7.6
EPSS Score
0.005
Published
2021-05-24
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.
CVSS Score
8.4
EPSS Score
0.007
Published
2021-05-24
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195767.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-05-24
IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.
CVSS Score
5.1
EPSS Score
0.0
Published
2021-05-24