Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2022-38389 | Unspecified vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-02-01 | CVE-2023-23469 | Unspecified vulnerability in IBM Cloud PAK for Business Automation IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2023-02-01 | CVE-2022-43922 | Inadequate Encryption Strength vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. | 6.5 |
| 2023-02-01 | CVE-2022-47983 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2023-01-26 | CVE-2022-43864 | Unspecified vulnerability in IBM Business Automation Workflow and Business Monitor IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2023-01-26 | CVE-2022-43917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. | 7.5 |
| 2023-01-26 | CVE-2022-22462 | Unspecified vulnerability in IBM Security Verify Governance 10.0.1 IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2023-01-20 | CVE-2021-39011 | Unspecified vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. | 4.9 |
| 2023-01-20 | CVE-2021-39089 | Unspecified vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. | 6.5 |
| 2023-01-20 | CVE-2022-41733 | Unspecified vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. | 5.3 |