Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-11 CVE-2021-38929 Unspecified vulnerability in IBM System Storage DS8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs.
network
low complexity
ibm
7.5
2022-04-11 CVE-2021-38930 Unspecified vulnerability in IBM System Storage DS8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs.
network
low complexity
ibm
7.5
2022-04-08 CVE-2020-4668 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-04-08 CVE-2022-22339 Server-Side Request Forgery (SSRF) vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
7.3
2022-04-06 CVE-2022-22410 Unspecified vulnerability in IBM Watson Query
IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service.
network
low complexity
ibm
7.2
2022-04-01 CVE-2022-22327 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM UrbanCode Deploy
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2022-04-01 CVE-2022-22331 Authorization Bypass Through User-Controlled Key vulnerability in IBM Partner Engagement Manager 6.2.0
IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object reference (IDOR) vulnerability.
network
low complexity
ibm CWE-639
7.1
2022-04-01 CVE-2022-22332 Operation on a Resource after Expiration or Release vulnerability in IBM Partner Engagement Manager 6.2.0
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to a missing revocation mechanism for the JWT token.
network
low complexity
ibm CWE-672
7.5
2022-03-21 CVE-2022-22394 Unspecified vulnerability in IBM Spectrum Protect 8.1.14.100
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls.
network
low complexity
ibm
8.8
2022-03-14 CVE-2022-22346 Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8