Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-22458 Insufficiently Protected Credentials vulnerability in IBM Security Verify Governance 10.0.1
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user.
network
low complexity
ibm CWE-522
6.5
2022-12-22 CVE-2022-43857 Path Traversal vulnerability in IBM i 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface.
network
low complexity
ibm CWE-22
4.3
2022-12-22 CVE-2022-43858 Path Traversal vulnerability in IBM i 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface.
network
low complexity
ibm CWE-22
4.3
2022-12-22 CVE-2022-43859 SQL Injection vulnerability in IBM i 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface.
network
low complexity
ibm CWE-89
4.3
2022-12-22 CVE-2022-35646 Improper Authentication vulnerability in IBM Security Verify Governance 10.0.1
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques.
network
high complexity
ibm CWE-287
5.3
2022-12-20 CVE-2022-39166 Unspecified vulnerability in IBM Security Guardium 11.4
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response.
network
low complexity
ibm
4.9
2022-12-20 CVE-2022-43382 Unspecified vulnerability in IBM AIX and VIOS
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service.
local
low complexity
ibm
4.4
2022-12-20 CVE-2022-46771 Cross-site Scripting vulnerability in IBM UrbanCode Deploy
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.6
2022-12-20 CVE-2022-43872 Incorrect Authorization vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g.
network
low complexity
ibm CWE-863
5.3
2022-12-20 CVE-2022-43875 Improper Input Validation vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations.
local
low complexity
ibm CWE-20
5.5