Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-28 | CVE-2021-39088 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. | 7.8 |
| 2022-07-26 | CVE-2022-35286 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-07-26 | CVE-2022-35639 | Unspecified vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. | 7.5 |
| 2022-07-25 | CVE-2022-35284 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | 7.5 |
| 2022-07-25 | CVE-2022-35285 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-07-25 | CVE-2022-35287 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2022-07-20 | CVE-2021-29755 | Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. | 7.5 |
| 2022-07-19 | CVE-2022-22358 | XXE vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2022-07-19 | CVE-2022-22360 | Injection vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
| 2022-07-14 | CVE-2022-22452 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |