Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-01 | CVE-2022-22321 | Inadequate Encryption Strength vulnerability in IBM MQ 9.2.0/9.2.0.0/9.2.1.0: IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. | 5.5 |
2022-02-24 | CVE-2022-22349 | Path Traversal vulnerability in IBM Sterling External Authentication Server 3.4.3.2/6.0.2.0/6.0.3.0: IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating REST API configuration data. | 4.0 |
2022-02-23 | CVE-2022-22336 | Memory Leak vulnerability in IBM products: IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | 5.0 |
2022-02-18 | CVE-2021-38935 | Weak Password Requirements vulnerability in IBM Maximo Asset Management 7.6.1.2: IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
2022-02-18 | CVE-2021-39026 | Cleartext Transmission of Sensitive Information vulnerability in IBM Guardium Data Encryption 5.0.0.2/5.0.0.3: IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
2022-02-17 | CVE-2021-39034 | Unspecified vulnerability in IBM MQ: IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. | 5.0 |
2022-02-16 | CVE-2019-4291 | Inadequate Encryption Strength vulnerability in IBM Maximo Anywhere 7.6.4.0: IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. | 6.4 |
2022-02-14 | CVE-2021-39080 | Unspecified vulnerability in IBM Cognos Analytics Mobile: Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. | 6.4 |
2022-02-04 | CVE-2021-38960 | Information Exposure vulnerability in IBM products: IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. | 5.0 |
2022-02-02 | CVE-2021-39021 | Information Exposure Through Discrepancy vulnerability in IBM Guardium Data Encryption 5.0.0.2: IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. | 5.0 |