Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-19 | CVE-2023-28529 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-05-19 | CVE-2023-28950 | Unspecified vulnerability in IBM MQ IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. | 5.5 |
| 2023-05-19 | CVE-2023-28514 | Unspecified vulnerability in IBM MQ IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. | 5.5 |
| 2023-05-12 | CVE-2023-27863 | Unspecified vulnerability in IBM Spectrum Protect 10.1.13 IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. | 4.9 |
| 2023-05-12 | CVE-2023-28520 | Unspecified vulnerability in IBM Planning Analytics Local 2.0.0 IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-05-12 | CVE-2021-39036 | Unspecified vulnerability in IBM Cognos Analytics 11.1/11.2 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. | 6.1 |
| 2023-05-11 | CVE-2023-27554 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.3 |
| 2023-05-11 | CVE-2023-27870 | Information Exposure Through Discrepancy vulnerability in IBM Spectrum Virtualize 8.5 IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. | 5.9 |
| 2023-05-06 | CVE-2022-43877 | Insecure Storage of Sensitive Information vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. | 5.1 |
| 2023-05-06 | CVE-2023-24957 | Cross-site Scripting vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. | 5.4 |