Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-27 | CVE-2023-23468 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. | 5.5 |
| 2023-06-27 | CVE-2022-34352 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. | 6.5 |
| 2023-06-27 | CVE-2023-26273 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. | 4.3 |
| 2023-06-27 | CVE-2023-26274 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. | 5.4 |
| 2023-06-27 | CVE-2023-26276 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2023-06-27 | CVE-2023-32339 | Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation IBM Business Automation Workflow is vulnerable to cross-site scripting. | 6.1 |
| 2023-06-22 | CVE-2023-28956 | Unspecified vulnerability in IBM Spectrum Protect Backup-Archive Client IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | 7.8 |
| 2023-06-22 | CVE-2023-33842 | Unspecified vulnerability in IBM Spss Modeler IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. | 5.5 |
| 2023-06-15 | CVE-2022-32752 | OS Command Injection vulnerability in IBM Security Directory Suite VA 8.0.1/8.0.1.19 IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-06-15 | CVE-2022-32757 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Suite VA 8.0.1/8.0.1.19 IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |