|
195651
|
3.5 |
LOW
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remo…
|
CWE-601
Open Redirect
|
CVE-2021-20534
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195652
|
7.5 |
HIGH
Network
|
ibm
|
security_verify_access
security_access_manager
|
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20439
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195653
|
4.3 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-20424
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195654
|
8.8 |
HIGH
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20423
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195655
|
7.5 |
HIGH
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.
|
NVD-CWE-noinfo
|
CVE-2021-20422
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195656
|
5.9 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2021-20369
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195657
|
5.4 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20368
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195658
|
5.4 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20366
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195659
|
5.4 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20365
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195660
|
5.4 |
MEDIUM
Network
|
ibm
|
cloud_pak_for_applications
|
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20364
|
2024-11-21 14:46 |
2021-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
