Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-08-17 CVE-2022-22455 Unspecified vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
network
low complexity
ibm
critical
9.8
2022-08-16 CVE-2021-39085 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2022-08-10 CVE-2022-35280 Weak Password Requirements vulnerability in IBM Robotic Process Automation for Cloud PAK 21.0.0/21.0.1/21.0.2
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
critical
9.8
2022-08-01 CVE-2022-31775 XXE vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2022-07-29 CVE-2022-35643 Unspecified vulnerability in IBM Powervm Virtual I/O Server 3.1.0
IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service.
network
low complexity
ibm
critical
9.1
2022-07-11 CVE-2020-4150 Use of Hard-coded Credentials vulnerability in IBM Security Siteprotector System 3.1.1
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2022-06-30 CVE-2022-22487 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Server
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID.
network
low complexity
ibm CWE-307
critical
9.8
2022-06-24 CVE-2021-38945 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation.
network
low complexity
ibm netapp CWE-434
critical
9.8
2022-06-24 CVE-2022-31767 OS Command Injection vulnerability in IBM Cics TX 11.1
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
critical
9.8
2022-06-20 CVE-2022-22317 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
critical
9.8