Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-31767 OS Command Injection vulnerability in IBM Cics TX 11.1
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
critical
10.0
2022-03-21 CVE-2022-22394 Improper Privilege Management vulnerability in IBM Spectrum Protect 8.1.14.100
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls.
network
low complexity
ibm CWE-269
critical
9.0
2022-01-17 CVE-2021-38965 OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
critical
9.0
2021-12-13 CVE-2021-39065 Improper Input Validation vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function .
network
low complexity
ibm CWE-20
critical
10.0
2021-12-10 CVE-2021-38917 Unspecified vulnerability in IBM Powervm Hypervisor Fw860/Fw940/Fw950
IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures.
network
low complexity
ibm
critical
9.4
2021-11-24 CVE-2021-38873 Injection vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection.
network
ibm CWE-74
critical
9.3
2021-11-12 CVE-2021-3723 OS Command Injection vulnerability in IBM System X3550 M3 Firmware and System X3650 M3 Firmware
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
network
low complexity
ibm CWE-78
critical
9.0
2021-10-06 CVE-2021-29908 Improper Authentication vulnerability in IBM Ts7700 Firmware 8.51.0.63/8.51.1.26/8.52.100.32
The IBM TS7700 Management Interface is vulnerable to unauthenticated access.
network
low complexity
ibm CWE-287
critical
10.0
2021-08-02 CVE-2021-29696 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm
critical
9.0
2021-06-02 CVE-2020-4495 Incorrect Authorization vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control.
network
low complexity
ibm CWE-863
critical
9.0