Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-14 | CVE-2024-27267 | Unspecified vulnerability in IBM Java SDK The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. | 5.9 |
2024-08-13 | CVE-2024-41774 | Cross-site Scripting vulnerability in IBM Common Licensing 9.0 IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. | 4.8 |
2024-08-13 | CVE-2022-38382 | Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. | 4.1 |
2024-08-12 | CVE-2023-38018 | Session Fixation vulnerability in IBM Aspera Shares 1.10.0 IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 5.4 |
2024-08-06 | CVE-2024-39751 | Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2024-08-03 | CVE-2024-38321 | Information Exposure Through Log Files vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. | 6.5 |
2024-07-30 | CVE-2023-26288 | Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 5.5 |
2024-07-30 | CVE-2023-26289 | Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
2024-07-30 | CVE-2023-38001 | Unspecified vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2024-07-25 | CVE-2024-28772 | Unspecified vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. | 5.4 |