Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-33834 Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 10.0.4/10.0.5
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm CWE-209
5.3
5.3
2023-08-28 CVE-2023-26272 Information Exposure Through an Error Message vulnerability in IBM Guardium Cloud KEY Manager
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
5.3
2023-08-27 CVE-2022-43909 Cross-site Scripting vulnerability in IBM Security Guardium 11.4
IBM Security Guardium 11.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-08-27 CVE-2023-30435 Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-08-27 CVE-2023-30436 Cross-site Scripting vulnerability in IBM Security Guardium 11.3/11.4/11.5
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-08-27 CVE-2023-30437 Unspecified vulnerability in IBM Security Guardium 11.3/11.4/11.5
IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request.
network
low complexity
ibm
5.3
5.3
2023-08-27 CVE-2023-33852 SQL Injection vulnerability in IBM Security Guardium 11.4
IBM Security Guardium 11.4 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
5.4
5.4
2023-08-24 CVE-2023-40371 Unspecified vulnerability in IBM AIX and Vios
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls.
local
low complexity
ibm
5.5
5.5
2023-08-22 CVE-2023-38733 Information Exposure Through Log Files vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs.
network
low complexity
ibm CWE-532
4.3
4.3
2023-08-22 CVE-2023-40370 Unspecified vulnerability in IBM products
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled.
network
low complexity
ibm
5.3
5.3