Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-40368 | Unspecified vulnerability in IBM Storage Protect IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. | 4.4 |
| 2023-09-08 | CVE-2022-22401 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. | 7.5 |
| 2023-09-08 | CVE-2022-22402 | Cross-site Scripting vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. | 5.4 |
| 2023-09-08 | CVE-2022-22409 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. | 5.3 |
| 2023-09-08 | CVE-2022-22405 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2023-09-08 | CVE-2023-24965 | Exposure of Resource to Wrong Sphere vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | 5.3 |
| 2023-09-08 | CVE-2023-30995 | Incorrect Authorization vulnerability in IBM Aspera Faspex IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. | 7.5 |
| 2023-09-08 | CVE-2022-33164 | Path Traversal vulnerability in IBM Security Directory Server 7.2.0 IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. | 9.1 |
| 2023-09-08 | CVE-2023-32332 | Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. | 5.4 |
| 2023-09-08 | CVE-2023-38736 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6 IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. | 7.8 |