Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2022-43906 | Unspecified vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | 5.3 |
| 2023-10-04 | CVE-2023-40376 | Improper Authentication vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. | 6.5 |
| 2023-10-04 | CVE-2023-40684 | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.11/3.0.13/3.0.14 IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. | 5.4 |
| 2023-10-04 | CVE-2023-37404 | Unspecified vulnerability in IBM Observability With Instana 1.0.243/1.0.254 IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. | 9.8 |
| 2023-10-04 | CVE-2023-35905 | Cross-site Scripting vulnerability in IBM Filenet Content Manager 5.5.10/5.5.11/5.5.8 IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. | 5.4 |
| 2023-10-04 | CVE-2022-22447 | Unspecified vulnerability in IBM Disconnected LOG Collector 1.0/1.8.2 IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. | 7.5 |
| 2023-09-28 | CVE-2023-40375 | Improper Privilege Management vulnerability in IBM I Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. | 7.8 |
| 2023-09-28 | CVE-2023-43044 | Path Traversal vulnerability in IBM License Metric Tool IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2023-09-20 | CVE-2023-37410 | Unspecified vulnerability in IBM Person Communications 14.0.5/14.0.6/15.0.0 IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. | 7.8 |
| 2023-09-20 | CVE-2023-38718 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. | 5.3 |