Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2020-4875 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2022-01-21 | CVE-2020-4876 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2022-01-17 | CVE-2021-38965 | OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7 IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2022-01-11 | CVE-2021-38991 | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. | 7.8 |
| 2022-01-10 | CVE-2021-38921 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0 IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-01-10 | CVE-2021-38957 | Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0 IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. | 7.5 |
| 2022-01-10 | CVE-2021-38990 | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. | 7.8 |
| 2022-01-05 | CVE-2021-38918 | Unspecified vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. | 7.5 |
| 2021-12-14 | CVE-2021-38950 | Unspecified vulnerability in IBM MQ for HPE Nonstop 8.0.4/8.1.0 IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. | 7.8 |
| 2021-12-13 | CVE-2021-39049 | Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 7.8 |