Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-03 | CVE-2022-35279 | Cleartext Storage of Sensitive Information vulnerability in IBM Business Automation Workflow: IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users, which could be used in further attacks against the system. | 4.3 |
2022-11-03 | CVE-2022-35642 | Cross-site Scripting vulnerability in IBM InfoSphere Information Server 11.7: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
2022-11-03 | CVE-2022-38710 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM products: IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information to an unauthorized control sphere, which could aid in further attacks against the system. | 5.3 |
2022-11-03 | CVE-2022-38712 | Authentication Bypass by Spoofing vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. | 5.9 |
2022-11-03 | CVE-2022-40230 | Insufficient Session Expiration vulnerability in IBM MQ Appliance 9.2.0.0/9.3.0.0: IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2022-11-03 | CVE-2022-40235 | Improper Input Validation vulnerability in IBM InfoSphere Information Server 11.7: IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. | 6.5 |
2022-10-11 | CVE-2022-38388 | Unspecified vulnerability in IBM Navigator Mobile 3.4.1.1/3.4.1.2: IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. | 5.5 |
2022-10-10 | CVE-2022-34334 | Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1: IBM Sterling Partner Engagement Manager 2.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2022-10-07 | CVE-2022-30613 | Unspecified vulnerability in IBM QRadar Security Information and Event Manager: IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. | 5.5 |
2022-10-07 | CVE-2022-34308 | Allocation of Resources Without Limits or Throttling vulnerability in IBM CICS TX 11.1: IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. | 5.5 |