Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2022-22386 Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2023-10-17 CVE-2022-43889 Unspecified vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system.
network
low complexity
ibm
5.3
2023-10-17 CVE-2022-43893 Resource Exhaustion vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload.
local
low complexity
ibm CWE-400
4.4
2023-10-17 CVE-2022-22377 Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.3
2023-10-17 CVE-2022-22384 Improper Input Validation vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation.
network
low complexity
ibm CWE-20
4.3
2023-10-17 CVE-2023-38719 Unspecified vulnerability in IBM Db2 11.5.8
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF.
local
low complexity
ibm
4.4
2023-10-16 CVE-2023-35013 Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code.
local
low complexity
ibm CWE-668
4.4
2023-10-14 CVE-2023-40367 Cross-site Scripting vulnerability in IBM QRadar Security Information and Event Manager 7.5.0
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-10-14 CVE-2022-43868 Unspecified vulnerability in IBM Security Verify Access OIDC Provider
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system.
network
low complexity
ibm
5.3
2023-10-14 CVE-2023-45176 Unspecified vulnerability in IBM App Connect Enterprise and Integration Bus
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.
local
low complexity
ibm
5.5