Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-14 | CVE-2024-28781 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2024-05-14 | CVE-2024-22344 | Cross-site Scripting vulnerability in IBM Txseries for Multiplatform 8.2 IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. | 6.1 |
| 2024-05-14 | CVE-2023-47711 | Unspecified vulnerability in IBM Security Guardium IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. | 6.5 |
| 2024-05-04 | CVE-2023-27283 | Information Exposure Through Discrepancy vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. | 5.3 |
| 2024-05-03 | CVE-2022-22364 | Authentication Bypass by Spoofing vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. | 5.3 |
| 2024-05-03 | CVE-2021-20556 | Information Exposure Through Discrepancy vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. | 5.3 |
| 2024-05-03 | CVE-2023-23474 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | 5.3 |
| 2024-05-03 | CVE-2023-28952 | Improper Encoding or Escaping of Output vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. | 5.3 |
| 2024-05-01 | CVE-2024-28775 | Cross-site Scripting vulnerability in IBM Websphere Automation 1.7.0 IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. | 5.4 |
| 2024-04-19 | CVE-2022-40745 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. | 5.5 |