Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-11 | CVE-2021-38929 | Unspecified vulnerability in IBM System Storage Ds8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0 IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. | 5.0 |
| 2022-04-11 | CVE-2021-38930 | Unspecified vulnerability in IBM System Storage Ds8000 Management Console Firmware 88.50.0.0/89.10.0.0/89.20.0.0 IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. | 5.0 |
| 2022-04-08 | CVE-2020-4668 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2022-04-08 | CVE-2022-22339 | Server-Side Request Forgery (SSRF) vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). | 6.5 |
| 2022-04-06 | CVE-2022-22410 | Unspecified vulnerability in IBM Watson Query IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. | 6.5 |
| 2022-04-05 | CVE-2022-22355 | Unspecified vulnerability in IBM MQ Appliance 9.2.0.0 IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. | 5.0 |
| 2022-04-05 | CVE-2022-22356 | Information Exposure Through Discrepancy vulnerability in IBM MQ Appliance 9.2.0.0 IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. | 4.0 |
| 2022-04-01 | CVE-2022-22327 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2022-04-01 | CVE-2022-22328 | Unspecified vulnerability in IBM Partner Engagement Manager 6.2.0 IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. | 6.2 |
| 2022-04-01 | CVE-2022-22332 | Operation on a Resource after Expiration or Release vulnerability in IBM Partner Engagement Manager 6.2.0 IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. | 5.0 |