Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2022-22486 XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2023-02-03 CVE-2022-38389 Unspecified vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm
critical
9.1
2023-01-11 CVE-2022-40615 Unspecified vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection.
network
low complexity
ibm
critical
9.8
2023-01-04 CVE-2022-22338 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2022-12-19 CVE-2022-38708 Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data.
network
low complexity
ibm CWE-918
critical
9.1
2022-11-16 CVE-2022-40752 Command Injection vulnerability in IBM products
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements.
network
low complexity
ibm CWE-77
critical
9.8
2022-11-11 CVE-2022-34331 Improper Authentication vulnerability in IBM Powervm Hypervisor Fw1010/Fw950
After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled.
network
low complexity
ibm CWE-287
critical
9.8
2022-11-03 CVE-2022-22425 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-1236
critical
9.8
2022-11-03 CVE-2022-40747 XXE vulnerability in IBM Infosphere Information Server 11.7
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2022-08-19 CVE-2022-22489 XXE vulnerability in IBM MQ
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1