Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-01 | CVE-2022-41297 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products: IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-11-28 | CVE-2022-41732 | Insufficiently Protected Credentials vulnerability in IBM Maximo Application Suite 8.7/8.8: IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
2022-11-22 | CVE-2022-40228 | Insufficient Session Expiration vulnerability in IBM Datapower Gateway: IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. | 5.4 |
2022-11-21 | CVE-2022-40746 | Uncontrolled Search Path Element vulnerability in IBM I Access Client Solutions 1.1.4.3/1.1.9.0: IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability. | 6.7 |
2022-11-17 | CVE-2022-38390 | Cross-site Scripting vulnerability in IBM Business Automation Workflow: Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. | 5.4 |
2022-11-17 | CVE-2022-40751 | Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy: IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. | 4.9 |
2022-11-15 | CVE-2022-40753 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
2022-11-14 | CVE-2022-34317 | Cross-site Scripting vulnerability in IBM Cics TX 11.1: IBM CICS TX 11.1 is vulnerable to cross-site scripting. | 5.4 |
2022-11-14 | CVE-2022-34315 | Cross-site Scripting vulnerability in IBM Cics TX 11.1: IBM CICS TX 11.1 is vulnerable to cross-site scripting. | 5.4 |
2022-11-14 | CVE-2022-34316 | Improper Encoding or Escaping of Output vulnerability in IBM Cics TX 11.1: IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. | 5.3 |