Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-22475 Unspecified vulnerability in IBM Open Liberty and WebSphere Application Server
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user.
network
low complexity
ibm
6.5
2022-05-17 CVE-2022-22482 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service.
network
low complexity
ibm CWE-434
4.0
2022-05-17 CVE-2020-4957 Information Exposure vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system.
network
low complexity
ibm CWE-200
5.0
2022-05-13 CVE-2022-22325 Unspecified vulnerability in IBM MQ for HPE NonStop 8.1.0
IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace.
local
low complexity
ibm
5.5
2022-05-12 CVE-2021-0193 Improper Authentication vulnerability in IBM In-Band Manageability
Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.
network
low complexity
ibm CWE-287
6.5
2022-05-11 CVE-2021-38969 Use of Hard-coded Credentials vulnerability in IBM Spectrum Virtualize 8.2.0.0/8.3.0.0/8.4.0.0
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to gain unauthorized access due to the reuse of support-generated credentials.
network
low complexity
ibm CWE-798
5.0
2022-05-10 CVE-2021-39024 Cross-site Scripting vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0/5.0.0.3
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 are vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2022-05-09 CVE-2021-20479 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud Pak System
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2022-05-09 CVE-2022-22319 Unspecified vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 could allow a registered user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue.
network
low complexity
ibm
5.4
2022-05-09 CVE-2022-22481 Unspecified vulnerability in IBM i 7.2/7.3/7.4
IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials.
network
low complexity
ibm
5.3