Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-31 | CVE-2022-22361 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2022-05-24 | CVE-2020-4926 | Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. | 6.4 |
| 2022-05-24 | CVE-2022-22309 | Missing Authentication for Critical Function vulnerability in IBM Power System S922 Firmware The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. | 4.6 |
| 2022-05-24 | CVE-2022-22495 | SQL Injection vulnerability in IBM I 7.3/7.4/7.5 IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. | 6.5 |
| 2022-05-20 | CVE-2022-22365 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. network ibm | 4.3 |
| 2022-05-19 | CVE-2020-4970 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Identity Manager 5.2.4/5.2.5/5.2.6 IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2022-05-18 | CVE-2021-38944 | Cross-site Scripting vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 4.3 |
| 2022-05-17 | CVE-2020-4994 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. | 5.0 |
| 2022-05-17 | CVE-2021-29726 | Improper Certificate Validation vulnerability in IBM products IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. | 5.3 |
| 2022-05-17 | CVE-2021-38872 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. | 5.0 |