Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-10 CVE-2023-28955 Unspecified vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.5.3
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service.
network
low complexity
ibm
6.5
2023-07-10 CVE-2023-29256 Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used.
network
low complexity
ibm CWE-269
6.5
2023-07-07 CVE-2021-39014 Cross-site Scripting vulnerability in IBM Cloud Object Storage System
IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-07-07 CVE-2023-35890 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5.5.23/9.0.5.15/9.0.5.16
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file.
local
low complexity
ibm CWE-327
5.5
2023-06-27 CVE-2023-23468 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster.
local
low complexity
ibm
5.5
2023-06-27 CVE-2022-34352 Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.5.0
IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains.
network
low complexity
ibm CWE-200
6.5
2023-06-27 CVE-2023-26273 Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.5.0
IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation.
network
low complexity
ibm CWE-20
4.3
2023-06-27 CVE-2023-26274 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-06-27 CVE-2023-32339 Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation
IBM Business Automation Workflow is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2023-06-22 CVE-2023-33842 Unspecified vulnerability in IBM Spss Modeler
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information.
local
low complexity
ibm
5.5