Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-16 CVE-2022-40752 Command Injection vulnerability in IBM products
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements.
network
low complexity
ibm CWE-77
critical
9.8
2022-11-11 CVE-2022-34331 Improper Authentication vulnerability in IBM Powervm Hypervisor Fw1010/Fw950
After performing a sequence of Power FW950, FW1010 maintenance operations, a SRIOV network adapter can be improperly configured, leading to the desired VEPA configuration being disabled.
network
low complexity
ibm CWE-287
critical
9.8
2022-11-03 CVE-2022-40747 XXE vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2022-11-03 CVE-2022-22425 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-1236
critical
9.8
2022-06-24 CVE-2022-31767 OS Command Injection vulnerability in IBM Cics TX 11.1
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
critical
10.0
2022-06-24 CVE-2021-38945 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation.
network
low complexity
ibm netapp CWE-434
critical
9.8
2022-04-22 CVE-2021-3849 An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2.
network
low complexity
lenovo ibm
critical
9.8
2022-03-21 CVE-2022-22394 Improper Privilege Management vulnerability in IBM Spectrum Protect 8.1.14.100
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls.
network
low complexity
ibm CWE-269
critical
9.0
2022-01-17 CVE-2021-38965 OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
critical
9.0
2021-12-13 CVE-2021-39065 OS Command Injection vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function.
network
low complexity
ibm CWE-78
critical
10.0