Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-22360 Injection vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
8.8
2022-07-14 CVE-2022-22452 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2022-07-14 CVE-2022-22453 Inadequate Encryption Strength vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2022-07-14 CVE-2022-22460 Unspecified vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system.
network
low complexity
ibm
7.5
2022-07-12 CVE-2020-4157 Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0
IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2022-07-12 CVE-2020-4159 Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0
IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.
network
low complexity
ibm CWE-200
7.5
2022-07-08 CVE-2022-22464 Inadequate Encryption Strength vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2022-07-08 CVE-2022-22465 Unspecified vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions.
local
low complexity
ibm
7.8
2022-07-08 CVE-2022-22476 Authentication Bypass by Spoofing vulnerability in IBM Open Liberty and Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request.
network
low complexity
ibm CWE-290
8.8
2022-06-30 CVE-2021-38941 Unspecified vulnerability in IBM Cloud PAK for Multicloud Management Monitoring 2.0.0/2.3.0
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands.
network
low complexity
ibm
8.1