Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-01 CVE-2022-30616 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs.
network
low complexity
ibm
7.2
2022-08-01 CVE-2022-31776 Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.8
2022-07-28 CVE-2021-39088 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation; if this could be combined with other unknown vulnerabilities, privilege escalation could be performed.
local
low complexity
ibm
7.8
2022-07-26 CVE-2022-35286 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-07-26 CVE-2022-35639 Unspecified vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive.
network
low complexity
ibm
7.5
2022-07-25 CVE-2022-35284 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Verify Information Queue 10.0.2
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
network
low complexity
ibm CWE-565
7.5
2022-07-25 CVE-2022-35285 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-07-25 CVE-2022-35287 Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 10.0.2
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2022-07-20 CVE-2021-29755 Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 does not perform proper certificate validation for some inter-host communications.
network
low complexity
ibm CWE-295
7.5
2022-07-19 CVE-2022-22358 XXE vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1