Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-45172 Unspecified vulnerability in IBM AIX and Vios
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service.
local
low complexity
ibm
5.5
2023-12-19 CVE-2023-47146 Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.5.0
IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified.
network
low complexity
ibm
6.5
2023-12-19 CVE-2023-42015 Cross-site Scripting vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
4.3
2023-12-18 CVE-2023-40691 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users.
network
low complexity
ibm
4.9
2023-12-18 CVE-2023-47741 Insufficiently Protected Credentials vulnerability in IBM DB2 Mirror for I and I
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected.
low complexity
ibm CWE-522
5.3
2023-12-14 CVE-2023-45182 Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded.
local
low complexity
ibm CWE-922
6.5
2023-12-13 CVE-2023-49877 Information Exposure vulnerability in IBM products
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs.
network
low complexity
ibm CWE-200
4.3
2023-12-13 CVE-2023-49878 Information Exposure Through an Error Message vulnerability in IBM products
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2023-12-09 CVE-2023-28526 Out-of-bounds Write vulnerability in IBM products
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.
local
low complexity
ibm CWE-787
5.5
2023-12-09 CVE-2023-28527 Out-of-bounds Write vulnerability in IBM products
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.
local
low complexity
ibm CWE-787
5.5