Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2020-4877 | Incorrect Authorization vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. | 9.8 |
| 2022-01-21 | CVE-2020-4879 | Improper Authentication vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. | 9.8 |
| 2021-12-13 | CVE-2021-39063 | Origin Validation Error vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. | 9.1 |
| 2021-12-13 | CVE-2021-39052 | Unspecified vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. | 9.8 |
| 2021-12-13 | CVE-2021-39065 | OS Command Injection vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . | 9.8 |
| 2021-12-10 | CVE-2021-38917 | Unspecified vulnerability in IBM Powervm Hypervisor Fw860/Fw940/Fw950 IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. | 9.1 |
| 2021-11-02 | CVE-2021-38948 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2021-10-06 | CVE-2021-29908 | Unspecified vulnerability in IBM Ts7700 Firmware 8.51.0.63/8.51.1.26/8.52.100.32 The IBM TS7700 Management Interface is vulnerable to unauthenticated access. | 9.8 |
| 2021-10-06 | CVE-2021-38923 | Unspecified vulnerability in IBM Powervm Hypervisor Firmware 1010 IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. | 9.1 |
| 2021-10-06 | CVE-2021-29798 | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. | 9.8 |