Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-09 CVE-2023-47722 Insufficiently Protected Credentials vulnerability in IBM API Connect 10.0.5.3/10.0.6.0
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2023-12-01 CVE-2023-42009 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-42019 Missing Encryption of Sensitive Data vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation.
network
high complexity
ibm CWE-311
5.9
2023-12-01 CVE-2023-42022 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-43021 Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2023-12-01 CVE-2023-46174 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-43015 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-26024 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Planning Analytics on Cloud PAK for Data 4.0
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication.
low complexity
ibm CWE-327
6.5
2023-12-01 CVE-2023-42006 Incorrect Authorization vulnerability in IBM I
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks.
local
low complexity
ibm CWE-863
5.5
2023-11-23 CVE-2021-39008 Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices.
network
low complexity
ibm
4.9