Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-01 CVE-2023-42022 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-43021 Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2023-12-01 CVE-2023-46174 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-43015 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7.1
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-12-01 CVE-2023-26024 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Planning Analytics on Cloud PAK for Data 4.0
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication.
low complexity
ibm CWE-327
6.5
2023-12-01 CVE-2023-42006 Incorrect Authorization vulnerability in IBM I
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks.
local
low complexity
ibm CWE-863
5.5
2023-11-23 CVE-2021-39008 Unspecified vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices.
network
low complexity
ibm
4.9
2023-11-22 CVE-2022-36777 Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system.
network
low complexity
ibm
6.5
2023-11-22 CVE-2023-25682 Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-532
5.5
2023-11-18 CVE-2023-40363 Incorrect Default Permissions vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings.
network
low complexity
ibm CWE-276
6.5