Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2022-22377 Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.3
2023-10-17 CVE-2022-22384 Improper Input Validation vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation.
network
low complexity
ibm CWE-20
4.3
2023-10-17 CVE-2023-38719 Unspecified vulnerability in IBM Db2 11.5.8
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF.
local
low complexity
ibm
4.4
2023-10-16 CVE-2023-35013 Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code.
local
low complexity
ibm CWE-668
4.4
2023-10-14 CVE-2023-40367 Cross-site Scripting vulnerability in IBM QRadar Security Information and Event Manager 7.5.0
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-10-14 CVE-2022-43868 Unspecified vulnerability in IBM Security Verify Access OIDC Provider
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system.
network
low complexity
ibm
5.3
2023-10-14 CVE-2023-45176 Unspecified vulnerability in IBM App Connect Enterprise and Integration Bus
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.
local
low complexity
ibm
5.5
2023-10-14 CVE-2022-33161 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2023-10-13 CVE-2023-40682 Information Exposure Through Log Files vulnerability in IBM App Connect Enterprise
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs.
local
low complexity
ibm CWE-532
4.4
2023-10-06 CVE-2022-34355 Unspecified vulnerability in IBM products
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system.
local
low complexity
ibm
5.5