Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-14 | CVE-2022-22354 | Unspecified vulnerability in IBM products IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. | 7.5 |
| 2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 8.8 |
| 2022-03-07 | CVE-2022-22351 | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. | 8.6 |
| 2022-02-23 | CVE-2022-22336 | Memory Leak vulnerability in IBM products IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | 7.5 |
| 2022-02-21 | CVE-2022-22308 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. | 7.8 |
| 2022-02-18 | CVE-2021-38935 | Weak Password Requirements vulnerability in IBM Maximo Asset Management 7.6.1.2 IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2022-02-17 | CVE-2021-39034 | Unspecified vulnerability in IBM MQ IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. | 7.5 |
| 2022-02-04 | CVE-2021-38960 | Information Exposure vulnerability in IBM products IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. | 7.5 |
| 2022-02-02 | CVE-2021-39044 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-02-02 | CVE-2021-39066 | Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | 8.8 |