Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-09 | CVE-2022-34165 | Injection vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. | 5.4 |
| 2022-09-01 | CVE-2020-4301 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-09-01 | CVE-2021-20468 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-09-01 | CVE-2021-29823 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-09-01 | CVE-2021-39009 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. | 5.5 |
| 2022-09-01 | CVE-2021-39045 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. | 5.5 |
| 2022-08-26 | CVE-2021-3669 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the Linux kernel. | 5.5 |
| 2022-08-10 | CVE-2022-22411 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Scale Data Access Services 5.1.3.1 IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. | 6.5 |
| 2022-08-01 | CVE-2022-34307 | Missing Encryption of Sensitive Data vulnerability in IBM Cics TX 11.1 IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2022-08-01 | CVE-2022-22334 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. | 4.3 |