Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-03 | CVE-2022-22425 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM InfoSphere Information Server 11.7: IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. | 9.8 |
2022-11-03 | CVE-2022-40747 | XXE vulnerability in IBM InfoSphere Information Server 11.7: IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2022-08-19 | CVE-2022-22489 | XXE vulnerability in IBM MQ: IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2022-08-17 | CVE-2022-22455 | Unspecified vulnerability in IBM Security Verify Governance 10.0: IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | 9.8 |
2022-08-16 | CVE-2021-39085 | SQL Injection vulnerability in IBM Sterling B2B Integrator: IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. | 9.8 |
2022-08-10 | CVE-2022-35280 | Weak Password Requirements vulnerability in IBM Robotic Process Automation for Cloud Pak 21.0.0/21.0.1/21.0.2: IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
2022-08-01 | CVE-2022-31775 | XXE vulnerability in IBM DataPower Gateway: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2022-07-29 | CVE-2022-35643 | Unspecified vulnerability in IBM PowerVM Virtual I/O Server 3.1.0: IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. | 9.1 |
2022-07-11 | CVE-2020-4150 | Use of Hard-coded Credentials vulnerability in IBM Security SiteProtector System 3.1.1: IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2022-06-30 | CVE-2022-22487 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Server: An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to log in to the storage agent without locking the administrative ID. | 9.8 |