Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2021-38945 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation.
network
low complexity
ibm CWE-434
7.5
2022-06-20 CVE-2022-22317 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
7.5
2022-06-17 CVE-2022-22485 Improper Authentication vulnerability in IBM Spectrum Protect Operations Center
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server.
network
low complexity
ibm CWE-287
7.5
2022-06-15 CVE-2019-4575 SQL Injection vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.5
2022-06-07 CVE-2020-36529 Command Injection vulnerability in IBM Sevone Network Performance Management
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22.
network
ibm CWE-77
8.5
2022-06-06 CVE-2022-31768 SQL Injection vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.5
2022-05-12 CVE-2022-22413 SQL Injection vulnerability in IBM Robotic Process Automation 21.0.0/21.0.1/21.0.2
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.5
2022-05-10 CVE-2022-22454 Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
local
low complexity
ibm CWE-77
7.2
2022-04-27 CVE-2021-38869 Session Fixation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout.
network
low complexity
ibm CWE-384
7.5
2022-04-22 CVE-2021-3849 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2.
network
low complexity
lenovo ibm CWE-287
7.5