Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2022-11-11 CVE-2022-34331 Improper Authentication vulnerability in IBM Powervm Hypervisor Fw1010/Fw950
After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled.
network
low complexity
ibm CWE-287
critical
9.8
2022-11-03 CVE-2021-39077 Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user.
local
low complexity
ibm CWE-312
4.4
2022-11-03 CVE-2022-22425 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-1236
critical
9.8
2022-11-03 CVE-2022-22442 Exposure of Resource to Wrong Sphere vulnerability in IBM products
IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls.
network
low complexity
ibm CWE-668
6.5
2022-11-03 CVE-2022-30608 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-11-03 CVE-2022-30615 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-11-03 CVE-2022-34339 Cleartext Storage of Sensitive Information vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-312
6.5
2022-11-03 CVE-2022-35279 Cleartext Storage of Sensitive Information vulnerability in IBM Business Automation Workflow
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system.
network
low complexity
ibm CWE-312
4.3
2022-11-03 CVE-2022-35642 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-11-03 CVE-2022-35717 OS Command Injection vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
local
low complexity
ibm CWE-78
7.8