Severity
Medium
Analysis Summary
CVE-2021-29735
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2021-29843
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties.
CVE-2020-4152
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques.
CVE-2020-4153
IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4160
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.
Impact
- Cross-Site Scripting
- Denial of Service
- Information Disclosure
Affected Vendors
IBM
Affected Products
- IBM Security Guardium 10.5
- IBM Security Guardium 10.6
- IBM Security Guardium 11.0
- IBM Security Guardium 11.1
- IBM Security Guardium 11.2
- IBM Security Guardium 11.3
- BM MQ Appliance 9.1.LTS
- IBM MQ Appliance 9.1.CD
- IBM MQ Appliance 9.2.LTS
- IBM MQ Appliance 9.2.CD
- IBM QRadar Network Security 5.4.0
- IBM QRadar Network Security 5.5.0
Remediation
Refer to IBM Advisory for patch, upgrade, or suggested workaround information.
CVE-2021-29735
CVE-2021-29843
CVE-2020-4152
CVE-2020-4153
CVE-2020-4160