Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-06 | CVE-2022-42439 | Information Exposure Through Log Files vulnerability in IBM products IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. | 4.9 |
| 2023-02-01 | CVE-2022-43922 | Inadequate Encryption Strength vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. | 6.5 |
| 2023-02-01 | CVE-2022-47983 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2023-01-20 | CVE-2021-39011 | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. | 4.9 |
| 2023-01-20 | CVE-2021-39089 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. | 6.5 |
| 2023-01-20 | CVE-2022-41733 | Improper Input Validation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. | 5.3 |
| 2023-01-19 | CVE-2022-39167 | Unspecified vulnerability in IBM Spectrum Virtualize IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. | 5.9 |
| 2023-01-18 | CVE-2023-22594 | Cross-site Scripting vulnerability in IBM products IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. | 5.4 |
| 2023-01-18 | CVE-2023-22863 | Cleartext Transmission of Sensitive Information vulnerability in IBM products IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. | 5.9 |
| 2023-01-11 | CVE-2022-34335 | Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. | 6.5 |