Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-15 CVE-2023-25680 Unspecified vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials.
network
low complexity
ibm
6.5
2023-03-15 CVE-2022-46774 Incorrect Default Permissions vulnerability in IBM Manage Application 8.4.0/8.5.0
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to.
network
low complexity
ibm CWE-276
6.5
2023-03-15 CVE-2023-22876 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm
6.5
2023-03-15 CVE-2022-43874 Cross-site Scripting vulnerability in IBM APP Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2023-03-10 CVE-2023-24975 Improper Input Validation vulnerability in IBM Spectrum Symphony 7.3.0
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-20
6.1
2023-03-02 CVE-2022-35645 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-02-27 CVE-2023-22860 Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-02-24 CVE-2022-43923 Information Exposure Through Log Files vulnerability in IBM Maximo Application Suite 8.8.0/8.9.0
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user.
local
low complexity
ibm CWE-532
5.5
2023-02-22 CVE-2022-43578 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-02-22 CVE-2022-43870 Information Exposure Through Log Files vulnerability in IBM Spectrum Virtualize 8.3.0.0/8.4.0.0/8.5.0.0
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files.
network
low complexity
ibm CWE-532
6.5