Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-14 | CVE-2022-22344 | Injection vulnerability in IBM Spectrum Copy Data Management | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
2022-03-14 | CVE-2022-22346 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Protect Operations Center | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
2022-03-14 | CVE-2022-22353 | Unspecified vulnerability in IBM BIG SQL 7.1.0/7.1.1/7.2.3 | IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. | 4.0 |
2022-03-14 | CVE-2022-22354 | Unspecified vulnerability in IBM products | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. | 5.0 |
2022-03-10 | CVE-2021-38910 | Improper Input Validation vulnerability in IBM Datapower Gateway | IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. | 5.0 |
2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 6.8 |
2022-03-10 | CVE-2021-39025 | Unspecified vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. | 5.0 |
2022-03-07 | CVE-2021-38988 | Unspecified vulnerability in IBM AIX and Vios | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. | 4.9 |
2022-03-07 | CVE-2021-38989 | Unspecified vulnerability in IBM AIX and Vios | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. | 4.9 |
2022-03-01 | CVE-2021-38986 | Insufficient Session Expiration vulnerability in IBM MQ 9.2.0/9.2.0.0/9.2.1.0 | IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 5.5 |