Vulnerabilities > IBM > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2023-10-14 | CVE-2022-33161 | Missing Encryption of Sensitive Data vulnerability in IBM products | IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | network | high | ibm | CWE-311 | 5.9 |
| 2023-10-13 | CVE-2023-40682 | Information Exposure Through Log Files vulnerability in IBM App Connect Enterprise 12.0.1.0/12.0.4.0/12.0.5.0 | IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. | local | low | ibm | CWE-532 | 4.4 |
| 2023-10-06 | CVE-2022-34355 | Unspecified vulnerability in IBM products | IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. | local | low | ibm | | 5.5 |
| 2023-10-04 | CVE-2022-43906 | Unspecified vulnerability in IBM Security Guardium 11.5 | IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | network | low | ibm | | 5.3 |
| 2023-10-04 | CVE-2023-40376 | Improper Authentication vulnerability in IBM UrbanCode Deploy | IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. | network | low | ibm | CWE-287 | 6.5 |
| 2023-10-04 | CVE-2023-40684 | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.11/3.0.13/3.0.14 | IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2023-10-04 | CVE-2023-35905 | Cross-site Scripting vulnerability in IBM FileNet Content Manager 5.5.10/5.5.11/5.5.8 | IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2023-09-20 | CVE-2023-38718 | Unspecified vulnerability in IBM Robotic Process Automation | IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. | network | low | ibm | | 5.3 |
| 2023-09-20 | CVE-2023-40368 | Unspecified vulnerability in IBM Storage Protect | IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. | local | low | ibm | | 4.4 |
| 2023-09-08 | CVE-2022-22402 | Cross-site Scripting vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 | IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |