Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2021-39036 | Cross-site Scripting vulnerability in IBM Cognos Analytics 11.1/11.2 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 6.1 |
| 2023-05-06 | CVE-2022-43877 | Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. | 5.5 |
| 2023-05-06 | CVE-2023-24957 | Cross-site Scripting vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2023-05-05 | CVE-2020-4914 | Insufficient Session Expiration vulnerability in IBM Cloud PAK System IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 5.5 |
| 2023-05-05 | CVE-2022-43866 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3 IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. | 5.4 |
| 2023-05-05 | CVE-2022-43919 | Improper Input Validation vulnerability in IBM MQ Appliance IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. | 6.5 |
| 2023-05-05 | CVE-2023-22874 | Resource Exhaustion vulnerability in IBM MQ Appliance IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. | 5.5 |
| 2023-05-05 | CVE-2023-30434 | Improper Input Validation vulnerability in IBM Elastic Storage System and Spectrum Scale IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. | 5.5 |
| 2023-05-05 | CVE-2022-38707 | Insufficient Session Expiration vulnerability in IBM Cognos Command Center 10.2.4.1 IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. | 5.5 |
| 2023-05-03 | CVE-2022-39161 | Improper Certificate Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. | 5.3 |