Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-22595 | Cross-site Scripting vulnerability in IBM products IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. | 5.4 |
| 2023-07-31 | CVE-2023-24971 | Deserialization of Untrusted Data vulnerability in IBM products IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. | 6.5 |
| 2023-07-31 | CVE-2023-35016 | Path Traversal vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2023-07-22 | CVE-2023-25929 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 5.4 |
| 2023-07-22 | CVE-2023-28530 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. | 5.4 |
| 2023-07-19 | CVE-2022-43908 | Improper Input Validation vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. | 6.5 |
| 2023-07-19 | CVE-2023-29259 | Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 5.3 |
| 2023-07-19 | CVE-2023-29260 | Server-Side Request Forgery (SSRF) vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2023-07-19 | CVE-2023-30433 | Open Redirect vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
| 2023-07-19 | CVE-2023-33832 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. | 4.7 |