Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-19 | CVE-2022-43887 | Information Exposure Through Log Files vulnerability in IBM Cognos Analytics: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. | 5.3 |
2022-12-19 | CVE-2022-40607 | Path Traversal vulnerability in IBM Spectrum Scale: IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. | 6.8 |
2022-12-14 | CVE-2020-4497 | Cleartext Transmission of Sensitive Information vulnerability in IBM Spectrum Protect Plus: IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. | 5.9 |
2022-12-12 | CVE-2022-22488 | Allocation of Resources Without Limits or Throttling vulnerability in IBM products: IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. | 4.9 |
2022-12-12 | CVE-2022-34318 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM CICS TX 11.1: IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
2022-12-12 | CVE-2021-38997 | Improper Encoding or Escaping of Output vulnerability in IBM API Connect: IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
2022-12-09 | CVE-2022-41299 | Cross-site Scripting vulnerability in IBM Cloud Transformation Advisor: IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. | 5.4 |
2022-12-07 | CVE-2022-41735 | Cross-site Scripting vulnerability in IBM Business Automation Workflow: IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. | 6.1 |
2022-12-01 | CVE-2022-43900 | Improper Authentication vulnerability in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide weaker than expected security. | 6.5 |
2022-12-01 | CVE-2022-43901 | Exposure of Resource to Wrong Sphere vulnerability in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. | 5.5 |