Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-32341 Resource Exhaustion vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption.
network
low complexity
ibm CWE-400
6.5
2024-02-09 CVE-2023-42016 Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-319
4.3
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
2024-02-09 CVE-2024-22318 Session Fixation vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server.
local
low complexity
ibm CWE-384
5.5
2024-02-09 CVE-2024-22332 Resource Exhaustion vulnerability in IBM Integration BUS 10.1/10.1.0.2
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion.
network
low complexity
ibm CWE-400
6.5
2024-02-07 CVE-2023-31002 Cleartext Storage of Sensitive Information vulnerability in IBM Security Access Manager Container
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user.
local
low complexity
ibm CWE-312
5.5
2024-02-06 CVE-2024-22331 Information Exposure vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent.
local
low complexity
ibm CWE-200
5.5
2024-02-06 CVE-2023-46183 Unspecified vulnerability in IBM Powervm Hypervisor
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information.
local
low complexity
ibm
4.4
2024-02-04 CVE-2023-33851 Unspecified vulnerability in IBM Powervm Hypervisor
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator.
network
low complexity
ibm
4.9
2024-02-04 CVE-2023-50947 Cross-site Scripting vulnerability in IBM products
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4