Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-29908 Unspecified vulnerability in IBM Ts7700 Firmware 8.51.0.63/8.51.1.26/8.52.100.32
The IBM TS7700 Management Interface is vulnerable to unauthenticated access.
network
low complexity
ibm
critical
9.8
2021-10-06 CVE-2021-38923 Unspecified vulnerability in IBM Powervm Hypervisor Firmware 1010
IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs.
network
low complexity
ibm
critical
9.1
2021-10-06 CVE-2021-29798 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2021-10-06 CVE-2021-29903 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2021-09-30 CVE-2021-20578 Improper Authentication vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls.
network
low complexity
ibm CWE-287
critical
9.8
2021-09-23 CVE-2020-4690 Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.3
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2021-08-26 CVE-2021-29715 Unspecified vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports.
network
low complexity
ibm
critical
9.1
2021-08-26 CVE-2021-29772 Code Injection vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input.
network
low complexity
ibm CWE-94
critical
9.8
2021-08-12 CVE-2021-20509 Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-74
critical
9.8
2021-08-11 CVE-2021-20418 Weak Password Requirements vulnerability in IBM Security Guardium 11.2
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
critical
9.8