Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22349 | 1 Ibm | 1 Sterling External Authentication Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
|
|||||
| CVE-2022-22348 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 3.5 LOW | 2.4 LOW |
|
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.
|
|||||
| CVE-2022-22346 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.
|
|||||
| CVE-2022-22345 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.
|
|||||
| CVE-2022-22344 | 1 Ibm | 1 Spectrum Copy Data Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038
|
|||||
| CVE-2022-22339 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.5 MEDIUM | 7.3 HIGH |
|
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.
|
|||||
| CVE-2022-22338 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 6.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510.
|
|||||
| CVE-2022-22337 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507.
|
|||||
| CVE-2022-22336 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.
|
|||||
| CVE-2022-22334 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.
|
|||||
| CVE-2022-22333 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.
|
|||||
| CVE-2022-22332 | 1 Ibm | 1 Partner Engagement Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.
|
|||||
| CVE-2022-22331 | 1 Ibm | 1 Partner Engagement Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
|
IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130.
|
|||||
| CVE-2022-22330 | 2 Ibm, Linux | 2 Control Desk, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126.
|
|||||
| CVE-2022-22329 | 2 Ibm, Linux | 2 Control Desk, Linux Kernel | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.
|
|||||
| CVE-2022-22328 | 1 Ibm | 1 Partner Engagement Manager | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871.
|
|||||
| CVE-2022-22327 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.
|
|||||
| CVE-2022-22326 | 1 Ibm | 5 Datapower Gateway, Mq Appliance M2001, Mq Appliance M2001 Firmware and 2 more | 2024-11-21 | N/A | 3.3 LOW |
|
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.
|
|||||
| CVE-2022-22325 | 1 Ibm | 1 Mq For Hpe Nonstop | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.
|
|||||
| CVE-2022-22323 | 2 Ibm, Microsoft | 2 Security Verify Password Synchronization, Active Directory | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.
|
|||||
| CVE-2022-22322 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370.
|
|||||
| CVE-2022-22321 | 1 Ibm | 1 Mq | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.
|
|||||
| CVE-2022-22320 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367.
|
|||||
| CVE-2022-22319 | 2 Ibm, Microsoft | 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366.
|
|||||
| CVE-2022-22318 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
|
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
|
|||||
| CVE-2022-22317 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
|
|||||
| CVE-2022-22316 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.
|
|||||
| CVE-2022-22315 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
|
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.
|
|||||
| CVE-2022-22314 | 1 Ibm | 1 Planning Analytics Workspace | 2024-11-21 | N/A | 3.3 LOW |
|
IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.
|
|||||
| CVE-2022-22313 | 1 Ibm | 1 Qradar Data Synchronization | 2024-11-21 | N/A | 4.4 MEDIUM |
|
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370.
|
|||||
| CVE-2022-22312 | 2 Ibm, Microsoft | 2 Security Verify Password Synchronization, Active Directory | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.
|
|||||
| CVE-2022-22311 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.
|
|||||
| CVE-2022-22310 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.
|
|||||
| CVE-2022-22309 | 1 Ibm | 2 Power System S922, Power System S922 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095.
|
|||||
| CVE-2022-22308 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.
|
|||||
| CVE-2022-22307 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | N/A | 4.4 MEDIUM |
|
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.
|
|||||
| CVE-2021-3897 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
|
|||||
| CVE-2021-3849 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
|
|||||
| CVE-2021-3723 | 1 Ibm | 4 System X3550 M3, System X3550 M3 Firmware, System X3650 M3 and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
|
|||||
| CVE-2021-39089 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.
|
|||||