Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-37410 | Unspecified vulnerability in IBM Person Communications 14.0.5/14.0.6/15.0.0 IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. | 7.8 |
| 2023-09-20 | CVE-2023-38718 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. | 5.3 |
| 2023-09-20 | CVE-2023-40368 | Unspecified vulnerability in IBM Storage Protect IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. | 4.4 |
| 2023-09-08 | CVE-2022-22401 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. | 7.5 |
| 2023-09-08 | CVE-2022-22402 | Cross-site Scripting vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. | 5.4 |
| 2023-09-08 | CVE-2022-22409 | Unspecified vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. | 5.3 |
| 2023-09-08 | CVE-2022-22405 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2023-09-08 | CVE-2023-24965 | Exposure of Resource to Wrong Sphere vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | 5.3 |
| 2023-09-08 | CVE-2023-30995 | Incorrect Authorization vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. | 7.5 |
| 2023-09-08 | CVE-2022-33164 | Path Traversal vulnerability in IBM Security Directory Server 7.2.0 IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. | 9.1 |