Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2022-22495 | SQL Injection vulnerability in IBM I 7.3/7.4/7.5 IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. | 8.8 |
| 2022-05-17 | CVE-2020-4994 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. | 7.5 |
| 2022-05-17 | CVE-2021-38872 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. | 7.5 |
| 2022-05-12 | CVE-2021-0193 | Improper Authentication vulnerability in IBM In-Band Manageability Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | 7.2 |
| 2022-05-10 | CVE-2022-22454 | OS Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7 IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.8 |
| 2022-05-09 | CVE-2021-20479 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-05-06 | CVE-2021-39023 | Information Exposure Through an Error Message vulnerability in IBM Guardium Data Encryption IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2022-05-05 | CVE-2022-22433 | Improper Input Validation vulnerability in IBM products IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. | 7.5 |
| 2022-05-03 | CVE-2021-29854 | Improper Encoding or Escaping of Output vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 7.2 |
| 2022-05-03 | CVE-2022-22368 | Inadequate Encryption Strength vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |