Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-28 CVE-2022-41732 Insufficiently Protected Credentials vulnerability in IBM Maximo Application Suite 8.7/8.8
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2022-11-22 CVE-2022-40228 Insufficient Session Expiration vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.4
2022-11-21 CVE-2022-40746 Uncontrolled Search Path Element vulnerability in IBM I Access Client Solutions
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability.
local
high complexity
ibm CWE-427
6.7
2022-11-17 CVE-2022-38390 Cross-site Scripting vulnerability in IBM Business Automation Workflow
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-11-17 CVE-2022-40751 Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches.
network
low complexity
ibm CWE-522
4.9
2022-11-15 CVE-2022-40753 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-11-14 CVE-2022-34317 Cross-site Scripting vulnerability in IBM Cics TX 11.1
IBM CICS TX 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-11-14 CVE-2022-34315 Cross-site Scripting vulnerability in IBM Cics TX 11.1
IBM CICS TX 11.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-11-14 CVE-2022-34316 Improper Encoding or Escaping of Output vulnerability in IBM Cics TX 11.1
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers.
network
low complexity
ibm CWE-116
5.3
2022-11-14 CVE-2022-34329 Unspecified vulnerability in IBM Cics TX 11.7
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers.
network
low complexity
ibm
5.3