| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-31770 |
|
|
DoS |
2022-07-05 |
2022-07-13 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. |
|
2 |
CVE-2022-22482 |
434 |
|
DoS |
2022-05-17 |
2022-05-26 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977. |
|
3 |
CVE-2022-22475 |
20 |
|
|
2022-05-17 |
2022-06-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. |
|
4 |
CVE-2022-22465 |
|
|
|
2022-07-08 |
2022-07-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. |
|
5 |
CVE-2022-22441 |
269 |
|
|
2022-04-28 |
2022-05-06 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. |
|
6 |
CVE-2022-22427 |
79 |
|
XSS |
2022-04-28 |
2022-05-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. |
|
7 |
CVE-2022-22404 |
770 |
|
DoS |
2022-04-01 |
2022-04-08 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. |
|
8 |
CVE-2022-22391 |
200 |
|
+Info |
2022-04-14 |
2022-04-23 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059. |
|
9 |
CVE-2022-22365 |
|
|
|
2022-05-20 |
2022-06-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. |
|
10 |
CVE-2022-22361 |
352 |
|
CSRF |
2022-05-31 |
2022-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
|
11 |
CVE-2022-22356 |
203 |
|
|
2022-04-05 |
2022-04-18 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. |
|
12 |
CVE-2022-22349 |
22 |
|
Dir. Trav. |
2022-02-24 |
2022-03-02 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. |
|
13 |
CVE-2022-22344 |
116 |
|
XSS |
2022-03-14 |
2022-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 |
|
14 |
CVE-2022-22316 |
|
|
DoS |
2022-03-23 |
2022-03-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. |
|
15 |
CVE-2021-39074 |
79 |
|
XSS |
2022-06-29 |
2022-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
|
16 |
CVE-2021-39056 |
|
|
DoS |
2022-01-13 |
2022-01-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. |
|
17 |
CVE-2021-39050 |
787 |
|
Overflow +Priv |
2021-12-13 |
2021-12-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440. |
|
18 |
CVE-2021-39049 |
787 |
|
Overflow +Priv |
2021-12-13 |
2021-12-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439. |
|
19 |
CVE-2021-39047 |
79 |
|
XSS |
2022-06-24 |
2022-10-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. |
|
20 |
CVE-2021-39046 |
522 |
|
|
2022-03-18 |
2022-07-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. |
|
21 |
CVE-2021-39027 |
116 |
|
|
2022-05-06 |
2023-01-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. |
|
22 |
CVE-2021-39026 |
319 |
|
+Info |
2022-02-18 |
2022-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964. |
|
23 |
CVE-2021-39024 |
79 |
|
XSS |
2022-05-10 |
2022-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862. |
|
24 |
CVE-2021-38991 |
|
|
Exec Code |
2022-01-11 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953. |
|
25 |
CVE-2021-38990 |
|
|
Exec Code |
2022-01-10 |
2022-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. |
|
26 |
CVE-2021-38989 |
|
|
DoS |
2022-03-07 |
2022-07-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. |
|
27 |
CVE-2021-38988 |
|
|
DoS |
2022-03-07 |
2022-07-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. |
|
28 |
CVE-2021-38985 |
20 |
|
|
2021-11-12 |
2021-11-16 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
29 |
CVE-2021-38973 |
20 |
|
|
2021-11-12 |
2021-11-16 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
30 |
CVE-2021-38972 |
20 |
|
|
2021-11-12 |
2021-11-16 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
31 |
CVE-2021-38971 |
|
|
Bypass +Info |
2022-03-14 |
2022-07-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620. |
|
32 |
CVE-2021-38967 |
94 |
|
Exec Code |
2021-11-30 |
2021-11-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. |
|
33 |
CVE-2021-38950 |
|
|
|
2021-12-14 |
2022-07-12 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. |
|
34 |
CVE-2021-38944 |
79 |
|
XSS |
2022-05-18 |
2022-05-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236. |
|
35 |
CVE-2021-38915 |
312 |
|
|
2021-10-12 |
2021-10-18 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. |
|
36 |
CVE-2021-38905 |
668 |
|
|
2022-04-22 |
2022-06-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. |
|
37 |
CVE-2021-38904 |
668 |
|
|
2022-04-22 |
2022-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. |
|
38 |
CVE-2021-38900 |
|
|
+Info |
2021-12-21 |
2022-07-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. |
|
39 |
CVE-2021-38894 |
209 |
|
+Info |
2022-01-10 |
2022-01-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. |
|
40 |
CVE-2021-38887 |
200 |
|
+Info |
2021-11-10 |
2021-11-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401. |
|
41 |
CVE-2021-38876 |
79 |
|
XSS |
2021-12-30 |
2022-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404. |
|
42 |
CVE-2021-38875 |
|
|
DoS |
2021-11-23 |
2021-11-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398. |
|
43 |
CVE-2021-29899 |
|
|
DoS |
2022-03-18 |
2022-03-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. |
|
44 |
CVE-2021-29883 |
311 |
|
|
2021-10-21 |
2022-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090. |
|
45 |
CVE-2021-29880 |
|
|
|
2021-08-13 |
2022-07-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979. |
|
46 |
CVE-2021-29862 |
|
|
DoS |
2021-08-26 |
2021-09-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. |
|
47 |
CVE-2021-29859 |
|
|
+Info |
2022-05-02 |
2022-05-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081. |
|
48 |
CVE-2021-29856 |
|
|
DoS |
2021-09-20 |
2021-09-28 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685. |
|
49 |
CVE-2021-29854 |
116 |
|
XSS |
2022-05-03 |
2022-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. |
|
50 |
CVE-2021-29853 |
252 |
|
|
2021-09-01 |
2021-09-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. |
