Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-01 | CVE-2022-31775 | XXE vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2022-07-29 | CVE-2022-35643 | Unspecified vulnerability in IBM Powervm Virtual I/O Server 3.1.0 IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. | 9.1 |
| 2022-07-11 | CVE-2020-4150 | Use of Hard-coded Credentials vulnerability in IBM Security Siteprotector System 3.1.1 IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2022-06-30 | CVE-2022-22487 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Server An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. | 9.8 |
| 2022-06-24 | CVE-2021-38945 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. | 9.8 |
| 2022-06-24 | CVE-2022-31767 | OS Command Injection vulnerability in IBM Cics TX 11.1 IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. | 9.8 |
| 2022-06-20 | CVE-2022-22317 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1 IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 9.8 |
| 2022-06-20 | CVE-2022-22318 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1 IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 9.8 |
| 2022-06-17 | CVE-2022-22485 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Operations Center In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. | 9.8 |
| 2022-06-15 | CVE-2019-4575 | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. | 9.8 |