Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-19 CVE-2023-28514 Information Exposure Through an Error Message vulnerability in IBM MQ
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace.
local
low complexity
ibm CWE-209
5.5
2023-05-12 CVE-2023-27863 Unspecified vulnerability in IBM Spectrum Protect 10.1.13
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores.
network
low complexity
ibm
4.9
2023-05-12 CVE-2023-28520 Cross-site Scripting vulnerability in IBM Planning Analytics Local 2.0.0
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-05-12 CVE-2021-39036 Cross-site Scripting vulnerability in IBM Cognos Analytics 11.1/11.2
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2023-05-06 CVE-2022-43877 Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file.
local
low complexity
ibm CWE-922
5.5
2023-05-06 CVE-2023-24957 Cross-site Scripting vulnerability in IBM Business Automation Workflow
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-05-05 CVE-2020-4914 Insufficient Session Expiration vulnerability in IBM Cloud PAK System
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system.
local
low complexity
ibm CWE-613
5.5
2023-05-05 CVE-2022-43866 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-05-05 CVE-2022-43919 Improper Input Validation vulnerability in IBM MQ Appliance
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service.
network
low complexity
ibm CWE-20
6.5
2023-05-05 CVE-2023-22874 Resource Exhaustion vulnerability in IBM MQ Appliance
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files.
local
low complexity
ibm CWE-400
5.5