Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-27 | CVE-2023-30437 | Unspecified vulnerability in IBM Security Guardium 11.3/11.4/11.5 IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. | 5.3 |
2023-08-27 | CVE-2023-33852 | SQL Injection vulnerability in IBM Security Guardium 11.4 IBM Security Guardium 11.4 is vulnerable to SQL injection. | 5.4 |
2023-08-24 | CVE-2023-40371 | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. | 5.5 |
2023-08-22 | CVE-2023-38733 | Information Exposure Through Log Files vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. | 4.3 |
2023-08-22 | CVE-2023-40370 | Unspecified vulnerability in IBM products IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. | 5.3 |
2023-08-22 | CVE-2023-38732 | Information Exposure Through Log Files vulnerability in IBM products IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. | 4.3 |
2023-08-16 | CVE-2023-35009 | Information Exposure Through an Error Message vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. | 5.3 |
2023-08-16 | CVE-2023-35011 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). | 5.4 |
2023-08-02 | CVE-2023-23476 | Unspecified vulnerability in IBM products IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. | 6.5 |
2023-07-31 | CVE-2020-4868 | Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |