Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-08 CVE-2023-32332 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
2023-09-05 CVE-2023-22870 Cleartext Transmission of Sensitive Information vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques.
network
high complexity
ibm CWE-319
5.9
2023-09-05 CVE-2023-29261 Insecure Storage of Sensitive Information vulnerability in IBM Sterling External Authentication Server 6.0.3.0/6.1.0
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations.
local
low complexity
ibm CWE-922
5.5
2023-09-05 CVE-2022-43903 Unspecified vulnerability in IBM Security Guardium 10.6/11.3/11.4
IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation.
network
low complexity
ibm
6.5
2023-09-05 CVE-2023-32338 Insufficiently Protected Credentials vulnerability in IBM products
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access.
local
low complexity
ibm CWE-522
5.5
2023-08-31 CVE-2023-33834 Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 10.0.4/10.0.5
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm CWE-209
5.3
2023-08-28 CVE-2023-26272 Information Exposure Through an Error Message vulnerability in IBM Guardium Cloud KEY Manager
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2023-08-27 CVE-2022-43909 Cross-site Scripting vulnerability in IBM Security Guardium 11.4
IBM Security Guardium 11.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-08-27 CVE-2023-30435 Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-08-27 CVE-2023-30436 Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4