Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-01 | CVE-2023-28525 | Cross-site Scripting vulnerability in IBM products IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. | 4.8 |
2024-03-01 | CVE-2023-28949 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2024-03-01 | CVE-2023-50305 | Weak Password Requirements vulnerability in IBM products IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.1 |
2024-02-12 | CVE-2022-22506 | Unspecified vulnerability in IBM Robotic Process Automation 21.0.2 IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. low complexity ibm | 4.6 |
2024-02-10 | CVE-2023-50957 | Improper Privilege Management vulnerability in IBM Storage Defender Resiliency Service 2.0 IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. | 7.2 |
2024-02-10 | CVE-2024-22312 | Insufficiently Protected Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0 IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
2024-02-10 | CVE-2024-22313 | Use of Hard-coded Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0 IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.8 |
2024-02-10 | CVE-2024-22361 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Semeru Runtime IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2024-02-09 | CVE-2023-32341 | Resource Exhaustion vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. | 6.5 |
2024-02-09 | CVE-2023-42016 | Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |