Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2022-36777 Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system.
network
low complexity
ibm
6.5
2023-11-22 CVE-2023-25682 Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-532
5.5
2023-11-18 CVE-2023-40363 Incorrect Default Permissions vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings.
network
low complexity
ibm CWE-276
6.5
2023-11-13 CVE-2023-38363 Unspecified vulnerability in IBM Cics TX 10.1
IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm
4.3
2023-11-13 CVE-2023-38364 Cross-site Scripting vulnerability in IBM Cics TX 10.1
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2023-11-11 CVE-2023-43057 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-11-10 CVE-2023-45167 Unspecified vulnerability in IBM AIX and Vios
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service.
local
low complexity
ibm
5.5
2023-11-03 CVE-2023-45189 Unspecified vulnerability in IBM Robotic Process Automation for Cloud PAK
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials.
network
low complexity
ibm
6.5
2023-11-03 CVE-2023-35896 Server-Side Request Forgery (SSRF) vulnerability in IBM Content Navigator 3.0.13
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
2023-11-03 CVE-2023-42029 Cross-site Scripting vulnerability in IBM Cics TX and Txseries for Multiplatforms
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4