Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-07 | CVE-2023-35890 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5.5.23/9.0.5.15/9.0.5.16 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. | 5.5 |
| 2023-06-27 | CVE-2023-23468 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. | 5.5 |
| 2023-06-27 | CVE-2022-34352 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. | 6.5 |
| 2023-06-27 | CVE-2023-26273 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. | 4.3 |
| 2023-06-27 | CVE-2023-26274 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. | 5.4 |
| 2023-06-27 | CVE-2023-32339 | Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation IBM Business Automation Workflow is vulnerable to cross-site scripting. | 6.1 |
| 2023-06-22 | CVE-2023-33842 | Unspecified vulnerability in IBM Spss Modeler IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. | 5.5 |
| 2023-06-15 | CVE-2022-33159 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Directory Suite VA 8.0.1/8.0.1.19 IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. | 6.5 |
| 2023-06-08 | CVE-2023-23480 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. | 5.4 |
| 2023-06-08 | CVE-2023-23481 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. | 5.4 |