Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-26 | CVE-2022-41739 | Unspecified vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.2.1/5.1.4.1/5.1.6.0 IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. | 8.4 |
| 2023-04-07 | CVE-2022-33959 | Unspecified vulnerability in IBM Sterling Order Management 10 IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. | 8.1 |
| 2023-04-07 | CVE-2023-27876 | XXE vulnerability in IBM Tririga Application Platform 4.0 IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
| 2023-04-07 | CVE-2022-34333 | Weak Password Requirements vulnerability in IBM Sterling Order Management 10 IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2023-03-22 | CVE-2022-43863 | Improper Privilege Management vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. | 7.2 |
| 2023-03-22 | CVE-2023-25924 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. | 8.8 |
| 2023-03-21 | CVE-2023-25923 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. | 7.5 |
| 2023-03-21 | CVE-2023-27871 | SQL Injection vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. | 7.5 |
| 2023-03-21 | CVE-2023-27874 | XXE vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 8.8 |
| 2023-03-16 | CVE-2023-27875 | Unspecified vulnerability in IBM Aspera Faspex 5.0.4 IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. | 7.5 |