Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-38385 | Improper Input Validation vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. | 8.1 |
| 2022-11-14 | CVE-2022-34320 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.1 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-11-14 | CVE-2022-34319 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.7 IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-11-11 | CVE-2022-38387 | OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2022-11-03 | CVE-2022-30608 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7 "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. | 8.8 |
| 2022-11-03 | CVE-2022-35717 | OS Command Injection vulnerability in IBM Infosphere Information Server 11.7 "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.8 |
| 2022-11-03 | CVE-2022-43574 | Incorrect Default Permissions vulnerability in IBM products "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. | 7.5 |
| 2022-10-07 | CVE-2022-22480 | Exposure of Resource to Wrong Sphere vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. | 7.5 |
| 2022-10-07 | CVE-2022-22493 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Automation for IBM Cloud PAK for Watson Aiops IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. | 8.8 |
| 2022-09-29 | CVE-2022-39168 | Insufficiently Protected Credentials vulnerability in IBM products IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. | 7.5 |