CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200018 • CWE-203: Observable Discrepancy

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2021 — IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200015

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2021 — IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199998 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199997 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 6.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

30 Apr 2021 — IBM Informix Dynamic Server 14.10 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198366 • CWE-787: Out-of-bounds Write

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2021 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris as well as unauthorized update, insert or delete access to some of Ora... • https://www.oracle.com/security-alerts/cpuapr2021.html

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2021 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpuapr2021.html

CVSS: 5.8 • EPSS: 0% • CPEs: 136 • EXPL: 1

13 Apr 2021 — In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. • https://issues.apache.org/jira/browse/IO-556 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

08 Apr 2021 — IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197502 • CWE-918: Server-Side Request Forgery (SSRF)