Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-43917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. | 7.5 |
| 2023-01-26 | CVE-2022-22462 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2023-01-18 | CVE-2022-47990 | Classic Buffer Overflow vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. | 7.8 |
| 2023-01-18 | CVE-2023-22592 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Robotic Process Automation for Cloud PAK IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. | 7.8 |
| 2023-01-17 | CVE-2023-22875 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.4.0/7.5.0 IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. | 7.5 |
| 2023-01-09 | CVE-2022-35281 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. | 8.8 |
| 2023-01-05 | CVE-2022-43844 | Insufficient Session Expiration vulnerability in IBM Robotic Process Automation for Cloud PAK IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. | 8.8 |
| 2023-01-04 | CVE-2022-43920 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. | 8.8 |
| 2023-01-04 | CVE-2022-42435 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-12-23 | CVE-2022-41290 | Improper Privilege Management vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. | 8.4 |