Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2021-39036 Cross-site Scripting vulnerability in IBM Cognos Analytics 11.1/11.2
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2023-05-06 CVE-2022-43877 Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file.
local
low complexity
ibm CWE-922
5.5
2023-05-06 CVE-2023-24957 Cross-site Scripting vulnerability in IBM Business Automation Workflow
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-05-05 CVE-2020-4914 Insufficient Session Expiration vulnerability in IBM Cloud PAK System
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system.
local
low complexity
ibm CWE-613
5.5
2023-05-05 CVE-2022-43866 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-05-05 CVE-2022-43919 Improper Input Validation vulnerability in IBM MQ Appliance
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service.
network
low complexity
ibm CWE-20
6.5
2023-05-05 CVE-2023-22874 Resource Exhaustion vulnerability in IBM MQ Appliance
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files.
local
low complexity
ibm CWE-400
5.5
2023-05-05 CVE-2023-30434 Improper Input Validation vulnerability in IBM Elastic Storage System and Spectrum Scale
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic.
local
low complexity
ibm CWE-20
5.5
2023-05-05 CVE-2022-38707 Insufficient Session Expiration vulnerability in IBM Cognos Command Center 10.2.4.1
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration.
local
low complexity
ibm CWE-613
5.5
2023-05-03 CVE-2022-39161 Improper Certificate Validation vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks.
network
high complexity
ibm CWE-295
5.3