Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-40691 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users.
network
low complexity
ibm
4.9
2023-12-18 CVE-2023-47741 Insufficiently Protected Credentials vulnerability in IBM DB2 Mirror for I and I
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected.
low complexity
ibm CWE-522
5.3
2023-12-14 CVE-2023-45182 Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded.
local
low complexity
ibm CWE-922
6.5
2023-12-13 CVE-2023-49877 Information Exposure vulnerability in IBM products
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs.
network
low complexity
ibm CWE-200
4.3
2023-12-13 CVE-2023-49878 Information Exposure Through an Error Message vulnerability in IBM products
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2023-12-09 CVE-2023-28526 Out-of-bounds Write vulnerability in IBM products
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.
local
low complexity
ibm CWE-787
5.5
2023-12-09 CVE-2023-28527 Out-of-bounds Write vulnerability in IBM products
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.
local
low complexity
ibm CWE-787
5.5
2023-12-09 CVE-2023-47722 Insufficiently Protected Credentials vulnerability in IBM API Connect 10.0.5.3/10.0.6.0
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2023-12-01 CVE-2023-42009 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-42019 Missing Encryption of Sensitive Data vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation.
network
high complexity
ibm CWE-311
5.9