Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-14 | CVE-2022-34320 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.1 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2022-11-14 | CVE-2022-34319 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 11.7 IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2022-11-11 | CVE-2022-38387 | OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
2022-11-03 | CVE-2022-30608 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7 "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. | 8.8 |
2022-11-03 | CVE-2022-35717 | OS Command Injection vulnerability in IBM Infosphere Information Server 11.7 "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.8 |
2022-11-03 | CVE-2022-43574 | Incorrect Default Permissions vulnerability in IBM products "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. | 7.5 |
2022-10-07 | CVE-2022-22480 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. | 7.5 |
2022-10-07 | CVE-2022-22493 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Automation for IBM Cloud PAK for Watson Aiops 1.4.2 IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. | 8.8 |
2022-09-29 | CVE-2022-39168 | Insufficiently Protected Credentials vulnerability in IBM products IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. | 7.5 |
2022-09-29 | CVE-2012-2201 | Unspecified vulnerability in IBM Websphere MQ 7.1 IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. | 7.5 |