
CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/207828
• https://www.ibm.com/support/pages/node/6505283
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated, allowing an authenticated user to inject scripts into some text boxes, leading to an XSS attack. The highest threat from this vulnerability is to data confidentiality.

• https://access.redhat.com/security/cve/CVE-2021-3442
• https://bugzilla.redhat.com/show_bug.cgi?id=1930083
• CWE-20: Improper Input Validation
• CWE-134: Use of Externally-Controlled Format String

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/207630
• https://www.ibm.com/support/pages/node/6497177

CVSS: 6.3 • EPSS: 0% • CPEs: 4 • EXPL: 1

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

• https://access.redhat.com/errata/RHSA-2021:3631
• https://bugzilla.redhat.com/show_bug.cgi?id=1977726
• https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2
• https://gitlab.com/libvirt/libvirt/-/issues/153
• https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
• https://security.gentoo.org/glsa/202210-06
• https://security.netapp.com/advisory/ntap-20220331-0010
• https://access.redhat.com/security/cve/CVE-2021-3631
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/207320
• https://www.ibm.com/support/pages/node/6493729
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm