Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-15 | CVE-2023-46182 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. | 5.4 |
| 2024-03-15 | CVE-2023-47162 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. | 6.1 |
| 2024-03-14 | CVE-2024-27265 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Integration BUS 10.1/10.1.0.2/10.1.0.3 IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2024-03-01 | CVE-2023-28525 | Cross-site Scripting vulnerability in IBM products IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. | 4.8 |
| 2024-03-01 | CVE-2023-28949 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2024-03-01 | CVE-2023-50305 | Weak Password Requirements vulnerability in IBM products IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.1 |
| 2024-02-12 | CVE-2022-22506 | Unspecified vulnerability in IBM Robotic Process Automation 21.0.2 IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. low complexity ibm | 4.6 |
| 2024-02-12 | CVE-2022-34311 | Insufficiently Protected Credentials vulnerability in IBM Cics TX 11.1 IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. | 4.3 |
| 2024-02-12 | CVE-2022-38714 | Insufficiently Protected Credentials vulnerability in IBM Datastage IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. | 4.9 |
| 2024-02-10 | CVE-2024-22312 | Insufficiently Protected Credentials vulnerability in IBM Storage Defender Resiliency Service 2.0 IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |