Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-17 | CVE-2022-22377 | Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.3 |
2023-10-17 | CVE-2022-22384 | Improper Input Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. | 4.3 |
2023-10-17 | CVE-2023-38719 | Unspecified vulnerability in IBM DB2 11.5.8 IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. | 4.4 |
2023-10-16 | CVE-2023-35013 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. | 4.4 |
2023-10-14 | CVE-2023-40367 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. | 5.4 |
2023-10-14 | CVE-2022-43868 | Unspecified vulnerability in IBM Security Verify Access Oidc Provider IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. | 5.3 |
2023-10-14 | CVE-2023-45176 | Unspecified vulnerability in IBM APP Connect Enterprise and Integration BUS IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. | 5.5 |
2023-10-14 | CVE-2022-33161 | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2023-10-13 | CVE-2023-40682 | Information Exposure Through Log Files vulnerability in IBM APP Connect Enterprise IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. | 4.4 |
2023-10-06 | CVE-2022-34355 | Unspecified vulnerability in IBM products IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. | 5.5 |