Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-17 | CVE-2022-47986 | Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2: IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. | 9.8 |
2023-02-12 | CVE-2022-41731 | Unspecified vulnerability in IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0: IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. | 9.8 |
2023-02-03 | CVE-2023-23477 | Unspecified vulnerability in IBM WebSphere Application Server 8.5/9.0: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. | 9.8 |
2023-02-03 | CVE-2022-22486 | XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5: IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-02-03 | CVE-2022-38389 | Unspecified vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5: IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-01-11 | CVE-2022-40615 | Unspecified vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1: IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. | 9.8 |
2023-01-04 | CVE-2022-22338 | SQL Injection vulnerability in IBM Sterling B2B Integrator: IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. | 9.8 |
2022-12-19 | CVE-2022-38708 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. | 9.1 |
2022-11-16 | CVE-2022-40752 | Command Injection vulnerability in IBM products: IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. | 9.8 |
2022-11-11 | CVE-2022-34331 | Improper Authentication vulnerability in IBM PowerVM Hypervisor FW1010/FW950: After performing a sequence of Power FW950, FW1010 maintenance operations, an SRIOV network adapter can be improperly configured, leading to the desired VEPA configuration being disabled. | 9.8 |