Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-14 | CVE-2022-22453 | Inadequate Encryption Strength vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-07-14 | CVE-2022-22460 | Unspecified vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. | 7.5 |
| 2022-07-12 | CVE-2020-4157 | Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0 IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2022-07-12 | CVE-2020-4159 | Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0 IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. | 7.5 |
| 2022-07-08 | CVE-2022-22464 | Inadequate Encryption Strength vulnerability in IBM Security Verify Access IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2022-07-08 | CVE-2022-22465 | Unspecified vulnerability in IBM Security Verify Access IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. | 7.8 |
| 2022-07-08 | CVE-2022-22476 | Authentication Bypass by Spoofing vulnerability in IBM Open Liberty and Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. | 8.8 |
| 2022-06-30 | CVE-2021-38941 | Unspecified vulnerability in IBM Cloud PAK for Multicloud Management Monitoring 2.0.0/2.3.0 IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. | 8.1 |
| 2022-06-30 | CVE-2022-22472 | Improper Preservation of Permissions vulnerability in IBM Spectrum Protect Plus Container Backup and Restore 10.1.10.2/10.1.5/10.1.7 IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. | 8.8 |
| 2022-06-30 | CVE-2022-22474 | Unspecified vulnerability in IBM Spectrum Protect Client IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. | 7.5 |