Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2021-38945 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. | 7.5 |
| 2022-06-20 | CVE-2022-22317 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1 IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 7.5 |
| 2022-06-17 | CVE-2022-22485 | Improper Authentication vulnerability in IBM Spectrum Protect Operations Center In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. | 7.5 |
| 2022-06-15 | CVE-2019-4575 | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. | 7.5 |
| 2022-06-07 | CVE-2020-36529 | Command Injection vulnerability in IBM Sevone Network Performance Management A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. | 8.5 |
| 2022-06-06 | CVE-2022-31768 | SQL Injection vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. | 7.5 |
| 2022-05-12 | CVE-2022-22413 | SQL Injection vulnerability in IBM Robotic Process Automation 21.0.0/21.0.1/21.0.2 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. | 7.5 |
| 2022-05-10 | CVE-2022-22454 | Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7 IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.2 |
| 2022-04-27 | CVE-2021-38869 | Session Fixation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. | 7.5 |
| 2022-04-22 | CVE-2021-3849 | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. | 7.5 |