Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-38385 Improper Input Validation vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation.
network
low complexity
ibm CWE-20
8.1
2022-11-14 CVE-2022-34320 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.1
IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2022-11-14 CVE-2022-34319 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.7
IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2022-11-11 CVE-2022-38387 OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2022-11-03 CVE-2022-30608 Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-11-03 CVE-2022-35717 OS Command Injection vulnerability in IBM Infosphere Information Server 11.7
"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
local
low complexity
ibm CWE-78
7.8
2022-11-03 CVE-2022-43574 Incorrect Default Permissions vulnerability in IBM products
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations.
network
low complexity
ibm CWE-276
7.5
2022-10-07 CVE-2022-22480 Exposure of Resource to Wrong Sphere vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure.
network
low complexity
ibm CWE-668
7.5
2022-10-07 CVE-2022-22493 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Automation for IBM Cloud PAK for Watson Aiops
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting.
network
low complexity
ibm CWE-352
8.8
2022-09-29 CVE-2022-39168 Insufficiently Protected Credentials vulnerability in IBM products
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs.
network
low complexity
ibm CWE-522
7.5