Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2023-35898 Unspecified vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer.
network
low complexity
ibm
6.5
2023-07-19 CVE-2023-35900 Unspecified vulnerability in IBM products
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level.
network
low complexity
ibm
5.3
2023-07-17 CVE-2023-35012 Unspecified vulnerability in IBM DB2 11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.
local
low complexity
ibm
6.7
2023-07-17 CVE-2023-33857 Unspecified vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system.
network
low complexity
ibm
5.3
2023-07-17 CVE-2023-35901 Improper Authentication vulnerability in IBM products
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields.
network
low complexity
ibm CWE-287
5.3
2023-07-10 CVE-2023-23487 Unspecified vulnerability in IBM DB2 11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging.
network
low complexity
ibm
4.3
2023-07-10 CVE-2023-28953 Unspecified vulnerability in IBM Cognos Analytics Cartridge for IBM Cloud PAK for Data 4.0
IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context.
network
low complexity
ibm
4.3
2023-07-10 CVE-2023-28955 Unspecified vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.0/4.5.0/4.5.3
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service.
network
low complexity
ibm
6.5
2023-07-10 CVE-2023-29256 Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used.
network
low complexity
ibm CWE-269
6.5
2023-07-07 CVE-2021-39014 Cross-site Scripting vulnerability in IBM Cloud Object Storage System 3.16.0
IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4