Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-12 CVE-2022-34311 Insufficiently Protected Credentials vulnerability in IBM Cics TX 11.1
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials.
low complexity
ibm CWE-522
4.3
2024-02-12 CVE-2022-38714 Insufficiently Protected Credentials vulnerability in IBM Datastage
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user.
network
low complexity
ibm CWE-522
4.9
2024-02-10 CVE-2024-22312 Insufficiently Protected Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2024-02-09 CVE-2023-32341 Resource Exhaustion vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption.
network
low complexity
ibm CWE-400
6.5
2024-02-09 CVE-2023-42016 Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-319
4.3
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
2024-02-09 CVE-2024-22318 Session Fixation vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server.
local
low complexity
ibm CWE-384
5.5
2024-02-09 CVE-2024-22332 Resource Exhaustion vulnerability in IBM Integration BUS 10.1
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion.
network
low complexity
ibm CWE-400
6.5
2024-02-07 CVE-2023-31002 Cleartext Storage of Sensitive Information vulnerability in IBM Security Access Manager Container
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user.
local
low complexity
ibm CWE-312
5.5
2024-02-06 CVE-2024-22331 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent.
local
low complexity
ibm CWE-200
5.5