Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2023-33837 | Unspecified vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. | 7.5 |
| 2023-10-23 | CVE-2023-33839 | OS Command Injection vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-10-23 | CVE-2023-33840 | Cross-site Scripting vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. | 4.8 |
| 2023-10-23 | CVE-2023-38722 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-10-23 | CVE-2023-43045 | Missing Authentication for Critical Function vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. | 7.5 |
| 2023-10-22 | CVE-2023-38276 | Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. | 7.5 |
| 2023-10-22 | CVE-2023-38735 | Improper Authentication vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. | 6.5 |
| 2023-10-22 | CVE-2023-38275 | Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Dashboards on Cloud PAK for Data 4.7.0 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. | 7.5 |
| 2023-10-17 | CVE-2022-43891 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2023-10-17 | CVE-2022-43892 | Improper Certificate Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. | 5.3 |