Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-26 CVE-2021-29845 Improper Input Validation vulnerability in IBM Security Guardium Insights 3.0.0
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.
network
low complexity
ibm CWE-20
8.8
2022-01-25 CVE-2021-39031 Injection vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
8.8
2022-01-21 CVE-2020-4875 XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2022-01-21 CVE-2020-4876 XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2022-01-17 CVE-2021-38965 OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2022-01-11 CVE-2021-38991 Unspecified vulnerability in IBM AIX and Vios
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution.
local
low complexity
ibm
7.8
2022-01-10 CVE-2021-38921 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2022-01-10 CVE-2021-38957 Improper Input Validation vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation.
network
low complexity
ibm CWE-20
7.5
2022-01-10 CVE-2021-38990 Unspecified vulnerability in IBM AIX and Vios
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution.
local
low complexity
ibm
7.8
2022-01-05 CVE-2021-38918 Unspecified vulnerability in IBM Powervm Hypervisor
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs.
network
low complexity
ibm
7.5