Vulnerabilities > IBM

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-12-09 | CVE-2022-41299 | Cross-site Scripting vulnerability in IBM Cloud Transformation Advisor | IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2022-12-07 | CVE-2022-43581 | Missing Authorization vulnerability in IBM Content Navigator | IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. | network | low complexity | ibm | CWE-862 | 8.8 |
| 2022-12-07 | CVE-2022-41735 | Cross-site Scripting vulnerability in IBM Business Automation Workflow | IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 6.1 |
| 2022-12-06 | CVE-2022-43867 | OS Command Injection vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.0.1/5.1.2.1/5.1.4.1 | IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. | local | low complexity | ibm | CWE-78 | 7.8 |
| 2022-12-06 | CVE-2022-34361 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Secure Proxy 6.0.3 | IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm | CWE-327 | 7.5 |
| 2022-12-01 | CVE-2022-43900 | Improper Authentication vulnerability in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide weaker than expected security. | local | low complexity | ibm | CWE-287 | 6.5 |
| 2022-12-01 | CVE-2022-43901 | Exposure of Resource to Wrong Sphere vulnerability in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. | local | low complexity | ibm | CWE-668 | 5.5 |
| 2022-12-01 | CVE-2022-41297 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products | IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | CWE-352 | 6.5 |
| 2022-11-28 | CVE-2022-41732 | Insufficiently Protected Credentials vulnerability in IBM Maximo Application Suite 8.7/8.8 | IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. | local | low complexity | ibm | CWE-522 | 5.5 |
| 2022-11-22 | CVE-2022-40228 | Insufficient Session Expiration vulnerability in IBM DataPower Gateway | IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | network | low complexity | ibm | CWE-613 | 5.4 |