Vulnerabilities > IBM > Medium

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor, CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2023-08-16 | CVE-2023-35011 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). | network | low complexity | ibm, CWE-918 | 5.4 |
| 2023-08-02 | CVE-2023-23476 | Incorrect Authorization vulnerability in IBM products | IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. | network | low complexity | ibm, CWE-863 | 6.5 |
| 2023-07-31 | CVE-2020-4868 | Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform | IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network | low complexity | ibm, CWE-209 | 5.3 |
| 2023-07-31 | CVE-2023-22595 | Cross-site Scripting vulnerability in IBM products | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. | network | low complexity | ibm, CWE-79 | 5.4 |
| 2023-07-31 | CVE-2023-24971 | Deserialization of Untrusted Data vulnerability in IBM products | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. | network | low complexity | ibm, CWE-502 | 6.5 |
| 2023-07-31 | CVE-2023-35016 | Path Traversal vulnerability in IBM Security Verify Governance 10.0 | IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. | network | low complexity | ibm, CWE-22 | 6.5 |
| 2023-07-22 | CVE-2023-25929 | Cross-site Scripting vulnerability in IBM Cognos Analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | network | low complexity | ibm, CWE-79 | 5.4 |
| 2023-07-22 | CVE-2023-28530 | Cross-site Scripting vulnerability in IBM Cognos Analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. | network | low complexity | ibm, CWE-79 | 5.4 |
| 2023-07-19 | CVE-2022-43908 | Improper Input Validation vulnerability in IBM Security Guardium 11.3 | IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. | network | low complexity | ibm, CWE-20 | 6.5 |
| 2023-07-19 | CVE-2023-29259 | Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 | IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | network | low complexity | ibm | 5.3 |