Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-09 | CVE-2023-47722 | Insufficiently Protected Credentials vulnerability in IBM API Connect 10.0.5.3/10.0.6.0 IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. | 5.5 |
| 2023-12-01 | CVE-2023-42009 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2023-12-01 | CVE-2023-42019 | Missing Encryption of Sensitive Data vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. | 5.9 |
| 2023-12-01 | CVE-2023-42022 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2023-12-01 | CVE-2023-43021 | Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2023-12-01 | CVE-2023-46174 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2023-12-01 | CVE-2023-43015 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2023-12-01 | CVE-2023-26024 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Planning Analytics on Cloud PAK for Data 4.0 IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. | 6.5 |
| 2023-12-01 | CVE-2023-42006 | Incorrect Authorization vulnerability in IBM I IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. | 5.5 |
| 2023-11-23 | CVE-2021-39008 | Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6 IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. | 4.9 |