Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-25 CVE-2022-35287 Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 10.0.2
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2022-07-20 CVE-2021-29755 Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications.
network
low complexity
ibm CWE-295
7.5
2022-07-19 CVE-2022-22358 XXE vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2022-07-19 CVE-2022-22360 Injection vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
8.8
2022-07-14 CVE-2022-22452 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2022-07-14 CVE-2022-22453 Inadequate Encryption Strength vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2022-07-14 CVE-2022-22460 Unspecified vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system.
network
low complexity
ibm
7.5
2022-07-12 CVE-2020-4157 Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0
IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2022-07-12 CVE-2020-4159 Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0
IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.
network
low complexity
ibm CWE-200
7.5
2022-07-08 CVE-2022-22464 Inadequate Encryption Strength vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5