Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-16	CVE-2023-35011	Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). network low complexity ibm CWE-918	5.4
2023-08-02	CVE-2023-23476	Incorrect Authorization vulnerability in IBM products IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. network low complexity ibm CWE-863	6.5
2023-07-31	CVE-2020-4868	Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. network low complexity ibm CWE-209	5.3
2023-07-31	CVE-2023-22595	Cross-site Scripting vulnerability in IBM products IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2023-07-31	CVE-2023-24971	Deserialization of Untrusted Data vulnerability in IBM products IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. network low complexity ibm CWE-502	6.5
2023-07-31	CVE-2023-35016	Path Traversal vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. network low complexity ibm CWE-22	6.5
2023-07-22	CVE-2023-25929	Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2023-07-22	CVE-2023-28530	Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. network low complexity ibm CWE-79	5.4
2023-07-19	CVE-2022-43908	Improper Input Validation vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. network low complexity ibm CWE-20	6.5
2023-07-19	CVE-2023-29259	Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. network low complexity ibm	5.3