CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-38890
https://notcve.org/view.php?id=CVE-2021-38890
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. IBM Sterling Connect:Direct Web Services versiones 1.0 y 6.0, usa una configuración de bloqueo de cuenta inapropiada que podría permitir a un atacante remoto forzar las credenciales de la cuenta. IBM X-Force ID: 209507 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209507 https://www.ibm.com/support/pages/node/6518586 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38949
https://notcve.org/view.php?id=CVE-2021-38949
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. IBM MQ versiones 7.5, 8.0, 9.0 LTS, 9.1 CD y 9.1 LTS, almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 211403 • https://exchange.xforce.ibmcloud.com/vulnerabilities/211403 https://www.ibm.com/support/pages/node/6516424 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35589
https://notcve.org/view.php?id=CVE-2021-35589
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device drivers). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35549
https://notcve.org/view.php?id=CVE-2021-35549
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35539
https://notcve.org/view.php?id=CVE-2021-35539
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. • https://www.oracle.com/security-alerts/cpuoct2021.html •