Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-38708 Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data.
network
low complexity
ibm CWE-918
critical
9.1
2022-12-19 CVE-2022-39160 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2022-12-19 CVE-2022-43883 Improper Encoding or Escaping of Output vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data.
network
low complexity
ibm CWE-116
7.5
2022-12-19 CVE-2022-43887 Information Exposure Through Log Files vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files.
network
low complexity
ibm CWE-532
5.3
2022-12-19 CVE-2022-40607 Path Traversal vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem.
network
low complexity
ibm CWE-22
6.8
2022-12-14 CVE-2020-4497 Cleartext Transmission of Sensitive Information vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents.
network
high complexity
ibm CWE-319
5.9
2022-12-12 CVE-2022-22488 Allocation of Resources Without Limits or Throttling vulnerability in IBM products
IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time.
network
low complexity
ibm CWE-770
4.9
2022-12-12 CVE-2022-34318 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM CICS TX 11.1
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
6.1
2022-12-12 CVE-2021-38997 Improper Encoding or Escaping of Output vulnerability in IBM API Connect
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
5.4
2022-12-12 CVE-2022-41296 Cross-Site Request Forgery (CSRF) vulnerability in IBM DB2 and DB2 Warehouse
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8