Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-24 | CVE-2021-38945 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products. IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. | 9.8 |
2022-06-24 | CVE-2022-31767 | OS Command Injection vulnerability in IBM CICS TX 11.1. IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. | 9.8 |
2022-06-20 | CVE-2022-22317 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1. IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 9.8 |
2022-06-20 | CVE-2022-22318 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1. IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 9.8 |
2022-06-17 | CVE-2022-22485 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Operations Center. In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. | 9.8 |
2022-06-15 | CVE-2019-4575 | SQL Injection vulnerability in IBM Financial Transaction Manager. IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. | 9.8 |
2022-06-06 | CVE-2022-31768 | SQL Injection vulnerability in IBM InfoSphere Information Server 11.7. IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. | 9.8 |
2022-05-24 | CVE-2020-4926 | Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale. A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. | 9.1 |
2022-05-12 | CVE-2022-22413 | SQL Injection vulnerability in IBM Robotic Process Automation 21.0.0/21.0.1/21.0.2. IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. | 9.8 |
2022-05-11 | CVE-2021-38969 | Use of Hard-coded Credentials vulnerability in IBM Spectrum Virtualize 8.2.0.0/8.3.0.0/8.4.0.0. IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to gain unauthorized access due to the reuse of support-generated credentials. | 9.8 |