CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38951
https://notcve.org/view.php?id=CVE-2021-38951
09 Dec 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada por el envío de una petición especialmente diseñada. Un atacante remoto podría aprovechar esta vulnerabilidad para causa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/211405 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38931
https://notcve.org/view.php?id=CVE-2021-38931
09 Dec 2021 — IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 11.1, y 11.5, es vulnerable a una divulgación de información como resultado de que un usuario conectado tenga acceso indirecto de lectura a una tabla en la que no está autor... • https://exchange.xforce.ibmcloud.com/vulnerabilities/210418 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38926
https://notcve.org/view.php?id=CVE-2021-38926
09 Dec 2021 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local conseguir privilegios debido a que permite la modificación de columnas de tareas existentes. IBM X-Force ID: 210321 • https://exchange.xforce.ibmcloud.com/vulnerabilities/210321 •
CVSS: 8.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29678
https://notcve.org/view.php?id=CVE-2021-29678
09 Dec 2021 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario con autoridad DBADM acceder a otras bases de datos y leer o modificar archivos. IBM X-Force ID: 199914 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199914 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20373
https://notcve.org/view.php?id=CVE-2021-20373
09 Dec 2021 — IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. IBM Db2 versiones 9.7, 10.1, 10.5, 11.1 y 11.5, pueden ser vulnerables a una divulgación de información cuando es usada la utilidad LOAD, ya que en determinadas circunstancias la utilidad LOAD no aplica las restricciones de directorio. IBM X-Force ID: 199521 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195521 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-38891
https://notcve.org/view.php?id=CVE-2021-38891
23 Nov 2021 — IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. IBM Sterling Connect:Direct Web Services versiones 1.0 y 6.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 209508 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209508 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-38890
https://notcve.org/view.php?id=CVE-2021-38890
23 Nov 2021 — IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. IBM Sterling Connect:Direct Web Services versiones 1.0 y 6.0, usa una configuración de bloqueo de cuenta inapropiada que podría permitir a un atacante remoto forzar las credenciales de la cuenta. IBM X-Force ID: 209507 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209507 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38949
https://notcve.org/view.php?id=CVE-2021-38949
16 Nov 2021 — IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. IBM MQ versiones 7.5, 8.0, 9.0 LTS, 9.1 CD y 9.1 LTS, almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 211403 • https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35589
https://notcve.org/view.php?id=CVE-2021-35589
20 Oct 2021 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device drivers). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable ... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35549
https://notcve.org/view.php?id=CVE-2021-35549
20 Oct 2021 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data... • https://www.oracle.com/security-alerts/cpuoct2021.html •