Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-14 CVE-2022-22354 Unspecified vulnerability in IBM products
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place.
network
low complexity
ibm
7.5
2022-03-10 CVE-2021-39022 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
network
low complexity
ibm CWE-1236
8.8
2022-03-07 CVE-2022-22351 Unspecified vulnerability in IBM AIX and Vios
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host.
network
low complexity
ibm
8.6
2022-02-23 CVE-2022-22336 Memory Leak vulnerability in IBM products
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.
network
low complexity
ibm CWE-401
7.5
2022-02-21 CVE-2022-22308 Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack.
local
low complexity
ibm CWE-829
7.8
2022-02-18 CVE-2021-38935 Weak Password Requirements vulnerability in IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2022-02-17 CVE-2021-39034 Unspecified vulnerability in IBM MQ
IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process.
network
low complexity
ibm
7.5
2022-02-04 CVE-2021-38960 Information Exposure vulnerability in IBM products
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information.
network
low complexity
ibm CWE-200
7.5
2022-02-02 CVE-2021-39044 Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-02-02 CVE-2021-39066 Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
network
low complexity
ibm CWE-384
8.8