Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2021-39036 | Unspecified vulnerability in IBM Cognos Analytics 11.1/11.2 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 6.1 |
| 2023-05-11 | CVE-2023-27554 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.3 |
| 2023-05-11 | CVE-2023-27870 | Information Exposure Through Discrepancy vulnerability in IBM Spectrum Virtualize 8.5 IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. | 5.9 |
| 2023-05-06 | CVE-2022-43877 | Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. | 5.1 |
| 2023-05-06 | CVE-2023-24957 | Cross-site Scripting vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2023-05-05 | CVE-2020-4914 | Insufficient Session Expiration vulnerability in IBM Cloud PAK System IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 4.2 |
| 2023-05-05 | CVE-2022-43866 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3 IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. | 5.4 |
| 2023-05-05 | CVE-2023-26285 | Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Appliance IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. | 5.9 |
| 2023-05-05 | CVE-2022-43919 | Unspecified vulnerability in IBM MQ Appliance IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. | 6.5 |
| 2023-05-05 | CVE-2023-22874 | Resource Exhaustion vulnerability in IBM MQ Appliance IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. | 5.5 |