Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2021-39011 Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user.
network
low complexity
ibm CWE-532
4.9
2023-01-20 CVE-2021-39089 Information Exposure vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request.
network
low complexity
ibm CWE-200
6.5
2023-01-20 CVE-2022-41733 Improper Input Validation vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted.
network
low complexity
ibm CWE-20
5.3
2023-01-19 CVE-2022-39167 Unspecified vulnerability in IBM Spectrum Virtualize
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques.
network
high complexity
ibm
5.9
2023-01-18 CVE-2023-22594 Cross-site Scripting vulnerability in IBM products
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-01-18 CVE-2023-22863 Cleartext Transmission of Sensitive Information vulnerability in IBM products
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL.
network
high complexity
ibm CWE-319
5.9
2023-01-11 CVE-2022-34335 Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service.
network
low complexity
ibm CWE-400
6.5
2023-01-09 CVE-2022-22470 Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-312
5.5
2023-01-05 CVE-2022-41740 Cleartext Storage of Sensitive Information vulnerability in IBM products
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory.
low complexity
ibm CWE-312
4.6
2023-01-05 CVE-2022-43573 Information Exposure vulnerability in IBM products
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects.
network
low complexity
ibm CWE-200
5.3