Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-31 | CVE-2024-25027 | Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Access 10.0.6 IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. | 5.5 |
| 2024-03-22 | CVE-2022-32751 | Unspecified vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. | 5.3 |
| 2024-03-22 | CVE-2022-32753 | Inadequate Encryption Strength vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 6.5 |
| 2024-03-22 | CVE-2022-32754 | Cross-site Scripting vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. | 4.8 |
| 2024-03-21 | CVE-2023-47715 | Improper Privilege Management vulnerability in IBM Storage Protect Plus 10.1.0/10.1.16 IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. | 4.3 |
| 2024-03-21 | CVE-2024-22352 | Information Exposure Through Log Files vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2024-03-15 | CVE-2021-38938 | Insufficiently Protected Credentials vulnerability in IBM Host Access Transformation Services IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2024-03-15 | CVE-2023-47147 | External Control of File Name or Path vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. | 5.3 |
| 2024-03-15 | CVE-2023-47699 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. | 6.1 |
| 2024-03-15 | CVE-2023-46179 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |