Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2022-43906 | Unspecified vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | 5.3 |
| 2023-10-04 | CVE-2023-40376 | Improper Authentication vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. | 6.5 |
| 2023-10-04 | CVE-2023-40684 | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.11/3.0.13/3.0.14 IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. | 5.4 |
| 2023-10-04 | CVE-2023-35905 | Cross-site Scripting vulnerability in IBM Filenet Content Manager 5.5.10/5.5.11/5.5.8 IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. | 5.4 |
| 2023-09-20 | CVE-2023-38718 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. | 5.3 |
| 2023-09-20 | CVE-2023-40368 | Unspecified vulnerability in IBM Storage Protect IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. | 4.4 |
| 2023-09-08 | CVE-2022-22402 | Cross-site Scripting vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. | 5.4 |
| 2023-09-08 | CVE-2022-22409 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. | 5.3 |
| 2023-09-08 | CVE-2022-22405 | Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2023-09-08 | CVE-2023-24965 | Exposure of Resource to Wrong Sphere vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | 5.3 |