Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2021-20551: Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to some browser which may store a local cached copy of content received from web servers.(CVE-2021-20551)

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.

CVE
Open in Source
#vulnerability#web#windows#linux#ibm
CVE-2021-20544: IBM Jazz Team Server server-side request forgery CVE-2021-20544 Vulnerability Report

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.

CVE-2021-20421: Security Bulletin: IBM Engineering Lifecycle Management is vulnerable(Server-Side Request Forgery vulnerability) when requesting resource over an API endpoint to verify URls from target application se

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2021-20355: IBM Jazz Team Server information disclosure CVE-2021-20355 Vulnerability Report

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891.

CVE-2021-20543: IBM Jazz Team Server HTML injection CVE-2021-20543 Vulnerability Report

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929.

CVE-2022-33953: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens (CVE-2022-33953))

IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.

CVE-2022-31767: IBM CICS TX Standard is vulnerable to arbitrary code execution (CVE-2022-31767)

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.

CVE-2022-22502: IBM Robotic Process Automation cross-site scripting CVE-2022-22502 Vulnerability Report

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124.

CVE-2021-39047: IBM Planning Analytics and IBM Cognos Analytics cross-site scripting CVE-2021-39047 Vulnerability Report

IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.

CVE-2021-29768: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.