Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-22472 Improper Preservation of Permissions vulnerability in IBM Spectrum Protect Plus Container Backup and Restore 10.1.10.2/10.1.5/10.1.7
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information.
network
low complexity
ibm CWE-281
8.8
2022-06-30 CVE-2022-22474 Unspecified vulnerability in IBM Spectrum Protect Client
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets.
network
low complexity
ibm
7.5
2022-06-24 CVE-2022-22390 Improper Privilege Management vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used.
network
low complexity
ibm CWE-269
7.5
2022-06-10 CVE-2022-22479 Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-06-07 CVE-2020-36529 Command Injection vulnerability in IBM Sevone Network Performance Management
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22.
network
low complexity
ibm CWE-77
8.8
2022-06-07 CVE-2020-36530 SQL Injection vulnerability in IBM Sevone Network Performance Management
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22.
network
low complexity
ibm CWE-89
8.8
2022-06-07 CVE-2020-36531 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Sevone Network Performance Management
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22.
network
low complexity
ibm CWE-1236
8.8
2022-06-06 CVE-2022-22396 Insufficiently Protected Credentials vulnerability in IBM Spectrum Protect Plus
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases.
network
low complexity
ibm CWE-522
7.5
2022-05-24 CVE-2022-22497 Unspecified vulnerability in IBM Aspera Faspex 4.4.1/5.0.0
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token.
network
low complexity
ibm
7.5
2022-05-24 CVE-2022-22495 SQL Injection vulnerability in IBM I 7.3/7.4/7.5
IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8