Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2022-43908 | Improper Input Validation vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. | 6.5 |
| 2023-07-19 | CVE-2023-29259 | Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 5.3 |
| 2023-07-19 | CVE-2023-29260 | Server-Side Request Forgery (SSRF) vulnerability in IBM Sterling Connect:Express for Unix 1.5.0 IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2023-07-19 | CVE-2023-30433 | Open Redirect vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
| 2023-07-19 | CVE-2023-33832 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. | 4.7 |
| 2023-07-19 | CVE-2023-35898 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. | 6.5 |
| 2023-07-19 | CVE-2023-35900 | Unspecified vulnerability in IBM products IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. | 5.3 |
| 2023-07-17 | CVE-2023-35012 | Unspecified vulnerability in IBM DB2 11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 6.7 |
| 2023-07-17 | CVE-2023-33857 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. | 5.3 |
| 2023-07-17 | CVE-2023-35901 | Improper Authentication vulnerability in IBM products IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. | 5.3 |