Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-43864 Path Traversal vulnerability in IBM Business Automation Workflow and Business Monitor
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2023-01-26 CVE-2022-43917 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information.
network
low complexity
ibm CWE-327
7.5
2023-01-26 CVE-2022-22462 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2023-01-20 CVE-2021-39011 Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user.
network
low complexity
ibm CWE-532
4.9
2023-01-20 CVE-2021-39089 Information Exposure vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request.
network
low complexity
ibm CWE-200
6.5
2023-01-20 CVE-2022-41733 Improper Input Validation vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause some of the components to be unusable until the process is restarted.
network
low complexity
ibm CWE-20
5.3
2023-01-19 CVE-2022-39167 Information Exposure vulnerability in IBM Spectrum Virtualize
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques.
network
high complexity
ibm CWE-200
5.9
2023-01-18 CVE-2022-47990 Classic Buffer Overflow vulnerability in IBM AIX and Vios
IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution.
local
low complexity
ibm CWE-120
7.8
2023-01-18 CVE-2023-22592 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Robotic Process Automation for Cloud PAK
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings.
local
low complexity
ibm CWE-732
7.8
2023-01-18 CVE-2023-22594 Cross-site Scripting vulnerability in IBM products
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4