Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2020-4157 Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0
IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
5.0
2022-07-12 CVE-2020-4159 Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0
IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.
network
low complexity
ibm CWE-200
5.0
2022-07-12 CVE-2021-39041 Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0/7.5.0
IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports.
network
low complexity
ibm
5.0
2022-07-11 CVE-2020-4138 Unspecified vulnerability in IBM Security Siteprotector System 3.1.1
IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm
2.1
2022-07-11 CVE-2020-4150 Use of Hard-coded Credentials vulnerability in IBM Security Siteprotector System 3.1.1
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2022-07-08 CVE-2022-22370 Cross-site Scripting vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2022-07-08 CVE-2022-22463 SQL Injection vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.4
2022-07-08 CVE-2022-22464 Inadequate Encryption Strength vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
5.0
2022-07-08 CVE-2022-22465 Unspecified vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions.
local
low complexity
ibm
4.6
2022-07-08 CVE-2022-22476 Authentication Bypass by Spoofing vulnerability in IBM Open Liberty and Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request.
network
ibm CWE-290
6.0