Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-23487 | Unspecified vulnerability in IBM DB2 11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. | 4.3 |
| 2023-07-10 | CVE-2023-28953 | Unspecified vulnerability in IBM Cognos Analytics Cartridge for IBM Cloud PAK for Data 4.0 IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. | 4.3 |
| 2023-07-10 | CVE-2023-28955 | Unspecified vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.0/4.5.0/4.5.3 IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. | 6.5 |
| 2023-07-10 | CVE-2023-29256 | Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. | 6.5 |
| 2023-07-07 | CVE-2021-39014 | Cross-site Scripting vulnerability in IBM Cloud Object Storage System 3.16.0 IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-07-07 | CVE-2023-35890 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5.5.23/9.0.5.15/9.0.5.16 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. | 5.5 |
| 2023-06-27 | CVE-2023-23468 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. | 5.5 |
| 2023-06-27 | CVE-2022-34352 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. | 6.5 |
| 2023-06-27 | CVE-2023-26273 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. | 4.3 |
| 2023-06-27 | CVE-2023-26274 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. | 5.4 |