Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-27 CVE-2023-30444 Server-Side Request Forgery (SSRF) vulnerability in IBM Watson Machine Learning on Cloud PAK for Data 4.0/4.5
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
6.5
2023-04-07 CVE-2022-43914 Cross-site Scripting vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-04-07 CVE-2022-43928 Unspecified vulnerability in IBM DB2 Mirror for I 7.4/7.5
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing.
network
low complexity
ibm
6.5
2023-04-02 CVE-2023-26283 Cross-site Scripting vulnerability in IBM Websphere Application Server 9.0
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-03-22 CVE-2023-25688 Path Traversal vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.3
2023-03-21 CVE-2023-25686 Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2023-03-21 CVE-2023-25687 Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files.
network
low complexity
ibm CWE-532
4.3
2023-03-21 CVE-2023-25689 Path Traversal vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.3
2023-03-21 CVE-2023-27873 Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input.
network
low complexity
ibm
6.5
2023-03-15 CVE-2022-46773 Improper Authentication vulnerability in IBM products
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools.
network
low complexity
ibm CWE-287
6.5