# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-22497 | | | | 2022-05-24 | 2023-01-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. |
2 | CVE-2022-22481 | 862 | | | 2022-05-09 | 2022-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899. |
3 | CVE-2022-22474 | | | DoS | 2022-06-30 | 2022-07-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. |
4 | CVE-2022-22464 | 326 | | | 2022-07-08 | 2022-07-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. |
5 | CVE-2022-22355 | | | DoS | 2022-04-05 | 2022-04-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. |
6 | CVE-2022-22336 | 401 | | DoS | 2022-02-23 | 2022-03-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395. |
7 | CVE-2022-22332 | 672 | | | 2022-04-01 | 2022-04-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. |
8 | CVE-2022-22331 | 668 | | +Info | 2022-04-01 | 2022-04-12 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. |
9 | CVE-2022-22327 | 327 | | | 2022-04-01 | 2022-04-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. |
10 | CVE-2022-22311 | 20 | | +Info | 2022-03-31 | 2022-04-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
IBM Security Verify Access could allow a user, using man-in-the-middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens. |
11 | CVE-2021-39082 | 327 | | | 2022-04-29 | 2022-05-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
12 | CVE-2021-39041 | | | DoS | 2022-07-12 | 2022-07-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028. |
13 | CVE-2021-39025 | | | | 2022-03-10 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. |
14 | CVE-2021-39023 | 209 | | +Info | 2022-05-06 | 2022-05-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860. |
15 | CVE-2021-39021 | 203 | | | 2022-02-02 | 2022-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856. |
16 | CVE-2021-39020 | 200 | | +Info | 2022-05-05 | 2022-05-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855. |
17 | CVE-2021-38986 | 613 | | | 2022-03-01 | 2022-03-09 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
IBM MQ Appliance 9.2 CD and 9.2 LTS do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942. |
18 | CVE-2021-38984 | 326 | | | 2021-11-15 | 2021-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. |
19 | CVE-2021-38969 | 798 | | | 2022-05-11 | 2022-05-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to gain unauthorized access due to the reuse of support-generated credentials. IBM X-Force ID: 212609. |
20 | CVE-2021-38957 | 20 | | | 2022-01-10 | 2022-01-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. |
21 | CVE-2021-38956 | 200 | | +Info | 2022-01-10 | 2022-01-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. |
22 | CVE-2021-38935 | 521 | | | 2022-02-18 | 2022-02-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. |
23 | CVE-2021-38925 | 326 | | | 2021-10-06 | 2021-10-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. |
24 | CVE-2021-38921 | 327 | | | 2022-01-10 | 2022-01-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. |
25 | CVE-2021-38918 | | | | 2022-01-05 | 2022-01-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. |
26 | CVE-2021-38910 | 20 | | Bypass | 2022-03-10 | 2022-03-18 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. |
27 | CVE-2021-38872 | | | DoS | 2022-05-17 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348. |
28 | CVE-2021-38864 | 295 | | +Info | 2021-09-23 | 2021-09-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. |
29 | CVE-2021-38862 | 326 | | | 2021-10-12 | 2021-10-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. |
30 | CVE-2021-34587 | 787 | | | 2022-04-27 | 2022-05-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In multiple versions of Bender/ebee Charge Controllers, a long URL could lead to a webserver crash. The URL is used as input of an sprintf to a stack variable. |
31 | CVE-2021-29875 | | | +Info | 2021-11-02 | 2021-11-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to an insecure third-party domain access vulnerability. IBM X-Force ID: 206572. |
32 | CVE-2021-29873 | | | DoS +Info | 2021-10-21 | 2022-07-12 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. |
33 | CVE-2021-29867 | | | | 2021-12-03 | 2022-07-12 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. |
34 | CVE-2021-29842 | 307 | | | 2021-09-16 | 2021-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. |
35 | CVE-2021-29831 | 611 | | | 2021-09-21 | 2021-09-29 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775. |
36 | CVE-2021-29802 | 269 | | | 2021-08-23 | 2021-08-26 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
37 | CVE-2021-29794 | 327 | | | 2021-07-12 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556. |
38 | CVE-2021-29765 | | | +Info | 2021-08-04 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476. |
39 | CVE-2021-29749 | 918 | | | 2021-07-15 | 2021-07-31 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777. |
40 | CVE-2021-29726 | 295 | | | 2022-05-17 | 2023-01-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104. |
41 | CVE-2021-29719 | 668 | | | 2021-12-03 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client-side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091. |
42 | CVE-2021-29704 | 327 | | | 2021-08-23 | 2021-08-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
43 | CVE-2021-29676 | 74 | | +Priv XSS | 2021-06-25 | 2021-06-30 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |
44 | CVE-2021-20585 | 200 | | +Info | 2021-06-01 | 2021-06-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. |
45 | CVE-2021-20584 | 434 | | | 2021-10-07 | 2021-10-15 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. |
46 | CVE-2021-20576 | | | | 2021-06-01 | 2021-06-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. |
47 | CVE-2021-20565 | 20 | | Bypass | 2021-05-14 | 2021-05-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236. |
48 | CVE-2021-20541 | | | | 2021-08-02 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927. |
49 | CVE-2021-20540 | | | | 2021-08-02 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923. |
50 | CVE-2021-20539 | | | | 2021-08-02 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920. |