Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-22461 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-12-20 | CVE-2022-38391 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Control 5.4.0.0 IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-12-19 | CVE-2022-43883 | Improper Encoding or Escaping of Output vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. | 7.5 |
| 2022-12-12 | CVE-2022-41296 | Cross-Site Request Forgery (CSRF) vulnerability in IBM DB2 and DB2 Warehouse IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-12-07 | CVE-2022-43581 | Missing Authorization vulnerability in IBM Content Navigator IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. | 8.8 |
| 2022-12-06 | CVE-2022-43867 | OS Command Injection vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.0.1/5.1.2.1/5.1.4.1 IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. | 7.8 |
| 2022-12-06 | CVE-2022-34361 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Secure Proxy 6.0.3 IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-11-15 | CVE-2022-38385 | Improper Input Validation vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. | 8.1 |
| 2022-11-14 | CVE-2022-34320 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.1 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-11-14 | CVE-2022-34319 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.7 IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |