Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-02 CVE-2023-26283 Cross-site Scripting vulnerability in IBM Websphere Application Server 9.0
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-03-22 CVE-2023-25688 Path Traversal vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.3
2023-03-21 CVE-2023-25686 Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2023-03-21 CVE-2023-25687 Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files.
network
low complexity
ibm CWE-532
4.3
2023-03-21 CVE-2023-25689 Path Traversal vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.3
2023-03-21 CVE-2023-27873 Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input.
network
low complexity
ibm
6.5
2023-03-15 CVE-2022-46773 Improper Authentication vulnerability in IBM products
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools.
network
low complexity
ibm CWE-287
6.5
2023-03-15 CVE-2023-25680 Unspecified vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials.
network
low complexity
ibm
6.5
2023-03-15 CVE-2022-46774 Incorrect Default Permissions vulnerability in IBM Manage Application 8.4.0/8.5.0
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to.
network
low complexity
ibm CWE-276
6.5
2023-03-15 CVE-2023-22876 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm
6.5