Vulnerabilities > IBM

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-05-19 | CVE-2020-4970 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Identity Manager 5.2.4/5.2.5/5.2.6 | IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | network, ibm, CWE-668 | 4.3 |
| 2022-05-18 | CVE-2021-38944 | Cross-site Scripting vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | network, ibm, CWE-79 | 4.3 |
| 2022-05-17 | CVE-2020-4994 | Unspecified vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. | network, low complexity, ibm | 5.0 |
| 2022-05-17 | CVE-2021-29726 | Improper Certificate Validation vulnerability in IBM products | IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. | network, low complexity, ibm, CWE-295 | 5.0 |
| 2022-05-17 | CVE-2021-38872 | Resource Exhaustion vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. | network, low complexity, ibm, CWE-400 | 5.0 |
| 2022-05-17 | CVE-2022-22475 | Improper Input Validation vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. | network, low complexity, ibm, CWE-20 | 4.0 |
| 2022-05-17 | CVE-2022-22482 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Sterling B2B Integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. | network, low complexity, ibm, CWE-434 | 4.0 |
| 2022-05-17 | CVE-2020-4957 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. | network, low complexity, ibm, CWE-668 | 5.0 |
| 2022-05-17 | CVE-2022-22484 | Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect | IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. | local, low complexity, ibm, CWE-312 | 2.1 |
| 2022-05-13 | CVE-2022-22325 | Information Exposure vulnerability in IBM MQ for HPE Nonstop 8.1.0 | IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. | local, ibm, CWE-200 | 1.9 |