Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-07 | CVE-2022-36772 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. | 6.5 |
| 2022-10-07 | CVE-2022-41291 | Insufficient Session Expiration vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
| 2022-10-06 | CVE-2022-36774 | Unspecified vulnerability in IBM products IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. high complexity ibm | 5.3 |
| 2022-10-06 | CVE-2022-38709 | Cross-site Scripting vulnerability in IBM Robotic Process Automation for Cloud PAK IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. | 6.1 |
| 2022-10-06 | CVE-2022-41294 | Origin Validation Error vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. | 6.5 |
| 2022-10-06 | CVE-2022-22503 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2022-09-29 | CVE-2011-4820 | Unspecified vulnerability in IBM Rational Asset Manager 7.5 IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. | 4.3 |
| 2022-09-29 | CVE-2012-2160 | Cross-site Scripting vulnerability in IBM Rational Change 5.3 IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 6.1 |
| 2022-09-29 | CVE-2012-4818 | Unspecified vulnerability in IBM Infosphere Information Server 8.1/8.5/8.7 IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. | 6.5 |
| 2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 5.5 |