Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-19 | CVE-2023-28514 | Information Exposure Through an Error Message vulnerability in IBM MQ IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. | 5.5 |
| 2023-05-12 | CVE-2023-27863 | Unspecified vulnerability in IBM Spectrum Protect 10.1.13 IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. | 4.9 |
| 2023-05-12 | CVE-2023-28520 | Cross-site Scripting vulnerability in IBM Planning Analytics Local 2.0.0 IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-05-12 | CVE-2021-39036 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.1/11.2 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 6.1 |
| 2023-05-06 | CVE-2022-43877 | Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. | 5.5 |
| 2023-05-06 | CVE-2023-24957 | Cross-site Scripting vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2023-05-05 | CVE-2020-4914 | Insufficient Session Expiration vulnerability in IBM Cloud PAK System IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 5.5 |
| 2023-05-05 | CVE-2022-43866 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3 IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. | 5.4 |
| 2023-05-05 | CVE-2022-43919 | Improper Input Validation vulnerability in IBM MQ Appliance IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. | 6.5 |
| 2023-05-05 | CVE-2023-22874 | Resource Exhaustion vulnerability in IBM MQ Appliance IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. | 5.5 |