Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-06 CVE-2022-42439 Information Exposure Through Log Files vulnerability in IBM products
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker.
network
low complexity
ibm CWE-532
4.9
2023-02-01 CVE-2022-43922 Inadequate Encryption Strength vulnerability in IBM APP Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.
network
low complexity
ibm CWE-326
6.5
2023-02-01 CVE-2022-47983 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-01-20 CVE-2021-39011 Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user.
network
low complexity
ibm CWE-532
4.9
2023-01-20 CVE-2021-39089 Information Exposure vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request.
network
low complexity
ibm CWE-200
6.5
2023-01-20 CVE-2022-41733 Improper Input Validation vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted.
network
low complexity
ibm CWE-20
5.3
2023-01-19 CVE-2022-39167 Unspecified vulnerability in IBM Spectrum Virtualize
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques.
network
high complexity
ibm
5.9
2023-01-18 CVE-2023-22594 Cross-site Scripting vulnerability in IBM products
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-01-18 CVE-2023-22863 Cleartext Transmission of Sensitive Information vulnerability in IBM products
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL.
network
high complexity
ibm CWE-319
5.9
2023-01-11 CVE-2022-34335 Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service.
network
low complexity
ibm CWE-400
6.5