Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-03 | CVE-2023-32329 | Insufficient Verification of Data Authenticity vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. | 5.5 |
| 2024-02-02 | CVE-2023-47144 | Cross-site Scripting vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. | 6.1 |
| 2024-02-02 | CVE-2022-40744 | Cross-site Scripting vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. | 5.4 |
| 2024-02-02 | CVE-2023-38019 | Path Traversal vulnerability in IBM Soar Qradar Plugin APP 1.0 IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2024-02-02 | CVE-2023-38020 | Improper Output Neutralization for Logs vulnerability in IBM Soar Qradar Plugin APP 1.0 IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. | 4.3 |
| 2024-02-02 | CVE-2023-46159 | Improper Input Validation vulnerability in IBM Storage Ceph 5.3Z1/5.3Z5/6.1Z1 IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. | 6.5 |
| 2024-02-02 | CVE-2023-50328 | Exposure of Resource to Wrong Sphere vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. | 5.3 |
| 2024-02-02 | CVE-2023-50934 | Improper Authentication vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. | 5.3 |
| 2024-02-02 | CVE-2023-50935 | Forced Browsing vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. | 6.5 |
| 2024-02-02 | CVE-2023-50938 | User Interface (UI) Misrepresentation of Critical Information vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |