Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2021-20581 | Insufficient Session Expiration vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. | 4.3 |
| 2023-10-17 | CVE-2021-38859 | Unspecified vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. | 5.3 |
| 2023-10-17 | CVE-2022-22380 | Improper Certificate Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. | 4.3 |
| 2023-10-17 | CVE-2022-22386 | Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2023-10-17 | CVE-2022-43889 | Unspecified vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. | 5.3 |
| 2023-10-17 | CVE-2022-43893 | Resource Exhaustion vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. | 4.4 |
| 2023-10-17 | CVE-2022-22377 | Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.3 |
| 2023-10-17 | CVE-2022-22384 | Improper Input Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. | 4.3 |
| 2023-10-17 | CVE-2023-38719 | Unspecified vulnerability in IBM DB2 11.5.8 IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. | 4.4 |
| 2023-10-16 | CVE-2023-35013 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. | 4.4 |