Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-19 | CVE-2020-4970 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Identity Manager 5.2.4/5.2.5/5.2.6 IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2022-05-18 | CVE-2021-38944 | Cross-site Scripting vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 4.3 |
| 2022-05-17 | CVE-2020-4994 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. | 5.0 |
| 2022-05-17 | CVE-2021-29726 | Improper Certificate Validation vulnerability in IBM products IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. | 5.0 |
| 2022-05-17 | CVE-2021-38872 | Resource Exhaustion vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. | 5.0 |
| 2022-05-17 | CVE-2022-22475 | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. | 4.0 |
| 2022-05-17 | CVE-2022-22482 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. | 4.0 |
| 2022-05-17 | CVE-2020-4957 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. | 5.0 |
| 2022-05-17 | CVE-2022-22484 | Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. | 2.1 |
| 2022-05-13 | CVE-2022-22325 | Information Exposure vulnerability in IBM MQ for HPE Nonstop 8.1.0 IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. | 1.9 |