Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-08 CVE-2022-22465 Unspecified vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions.
local
low complexity
ibm
7.8
2022-07-08 CVE-2022-22476 Authentication Bypass by Spoofing vulnerability in IBM Open Liberty and Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request.
network
low complexity
ibm CWE-290
8.8
2022-06-30 CVE-2021-38941 Unspecified vulnerability in IBM Cloud PAK for Multicloud Management Monitoring 2.0.0/2.3.0
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands.
network
low complexity
ibm
8.1
2022-06-30 CVE-2022-22472 Improper Preservation of Permissions vulnerability in IBM Spectrum Protect Plus Container Backup and Restore 10.1.10.2/10.1.5/10.1.7
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information.
network
low complexity
ibm CWE-281
8.8
2022-06-30 CVE-2022-22474 Unspecified vulnerability in IBM Spectrum Protect Client
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets.
network
low complexity
ibm
7.5
2022-06-24 CVE-2022-22390 Improper Privilege Management vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used.
network
low complexity
ibm CWE-269
7.5
2022-06-10 CVE-2022-22479 Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-06-07 CVE-2020-36529 Command Injection vulnerability in IBM Sevone Network Performance Management
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22.
network
low complexity
ibm CWE-77
8.8
2022-06-07 CVE-2020-36530 SQL Injection vulnerability in IBM Sevone Network Performance Management
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22.
network
low complexity
ibm CWE-89
8.8
2022-06-07 CVE-2020-36531 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Sevone Network Performance Management
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22.
network
low complexity
ibm CWE-1236
8.8