Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 115 ms.

CVE-2021-29907: Security Bulletin: IBM OpenPages with Watson has addressed a remote code execution vulnerability (CVE-2021-29907)

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.

CVE
Open in Source
#vulnerability#windows#linux#rce#auth#ibm
CVE-2022-34161: Security Bulletin: IBM CICS TX Standard is vulnerable to cross-site request forgery (CVE-2022-34161).

IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.

CVE-2022-34163: Security Bulletin: IBM CICS TX Advanced is vulnerable to HTTP header injection (CVE-2022-34163).

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333.

CVE-2021-39088: IBM QRadar SIEM is vulnerable to local privilege escalation (CVE-2021-39088)

IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: 216111.

CVE-2022-35721: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35721)

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.

CVE-2022-40234: Insecure handling of TLS certificates by IBM Spectrum Protect Plus (CVE-2022-40234)

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.

CVE-2022-35280: Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosing sensitive information due to improper privilege management for storage provider types (CVE-2022-34338)

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.

CVE-2022-22470: Security Bulletin: IBM Security Verify Governance stores user credentials in plain clear text which can be read by a local user (CVE-2022-22470)

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.

CVE-2022-34318: Security Bulletin: IBM CICS TX Advanced is vulnerable to a remote attack by hijacking the clicking action of the victim (CVE-2022-34318).

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461.

CVE-2022-22461: Security Bulletin: Security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.