Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-18 | CVE-2021-29799 | Unspecified vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. | 6.5 |
| 2022-07-18 | CVE-2021-38868 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-07-18 | CVE-2022-22445 | Unspecified vulnerability in IBM Powervm Hypervisor Fw1010/Fw1010.00/Fw950 An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. | 6.5 |
| 2022-07-14 | CVE-2021-39015 | Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2022-07-14 | CVE-2021-39016 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. | 4.3 |
| 2022-07-14 | CVE-2021-39017 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. | 6.5 |
| 2022-07-14 | CVE-2021-39018 | Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. | 4.3 |
| 2022-07-14 | CVE-2021-39019 | Information Exposure vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. | 6.5 |
| 2022-07-14 | CVE-2021-39028 | Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2022-07-14 | CVE-2022-22473 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. | 5.3 |