Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-07-31 | CVE-2023-22595 | Cross-site Scripting vulnerability in IBM products | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2023-07-31 | CVE-2023-24971 | Deserialization of Untrusted Data vulnerability in IBM products | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. | network | low | ibm | CWE-502 | 6.5 |
| 2023-07-31 | CVE-2023-35016 | Path Traversal vulnerability in IBM Security Verify Governance 10.0 | IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. | network | low | ibm | CWE-22 | 6.5 |
| 2023-07-22 | CVE-2023-25929 | Cross-site Scripting vulnerability in IBM Cognos Analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2023-07-22 | CVE-2023-28530 | Cross-site Scripting vulnerability in IBM Cognos Analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. | network | low | ibm | CWE-79 | 5.4 |
| 2023-07-19 | CVE-2022-43908 | Improper Input Validation vulnerability in IBM Security Guardium 11.3 | IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. | network | low | ibm | CWE-20 | 6.5 |
| 2023-07-19 | CVE-2023-29259 | Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 | IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | network | low | ibm | | 5.3 |
| 2023-07-19 | CVE-2023-29260 | Server-Side Request Forgery (SSRF) vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 | IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). | network | low | ibm | CWE-918 | 5.4 |
| 2023-07-19 | CVE-2023-30433 | Open Redirect vulnerability in IBM Security Verify Access 10.0.0 | IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | network | low | ibm | CWE-601 | 5.4 |
| 2023-07-19 | CVE-2023-33832 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products | IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality. | local | high | ibm | CWE-367 | 4.7 |