Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-27 | CVE-2023-30444 | Server-Side Request Forgery (SSRF) vulnerability in IBM Watson Machine Learning on Cloud PAK for Data 4.0/4.5 IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). | 6.5 |
| 2023-04-07 | CVE-2022-43914 | Cross-site Scripting vulnerability in IBM Tririga Application Platform IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. | 5.4 |
| 2023-04-07 | CVE-2022-43928 | Unspecified vulnerability in IBM DB2 Mirror for I 7.4/7.5 The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. | 6.5 |
| 2023-04-02 | CVE-2023-26283 | Cross-site Scripting vulnerability in IBM Websphere Application Server 9.0 IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. | 5.4 |
| 2023-03-22 | CVE-2023-25688 | Path Traversal vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2023-03-21 | CVE-2023-25686 | Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2023-03-21 | CVE-2023-25687 | Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. | 4.3 |
| 2023-03-21 | CVE-2023-25689 | Path Traversal vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2023-03-21 | CVE-2023-27873 | Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. | 6.5 |
| 2023-03-15 | CVE-2022-46773 | Improper Authentication vulnerability in IBM products IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. | 6.5 |