Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-03 CVE-2024-38321 Information Exposure Through Log Files vulnerability in IBM Business Automation Workflow
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user.
network
low complexity
ibm CWE-532
6.5
2024-07-30 CVE-2023-26288 Insufficient Session Expiration vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.5
2024-07-30 CVE-2023-26289 Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
5.4
2024-07-30 CVE-2023-38001 Cross-Site Request Forgery (CSRF) vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
2024-07-25 CVE-2024-28772 Cross-site Scripting vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2024-07-24 CVE-2024-37533 Privacy Violation vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine.
low complexity
ibm CWE-359
4.6
2024-07-17 CVE-2024-28796 Cross-site Scripting vulnerability in IBM Rational Clearquest
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2024-07-16 CVE-2022-35640 Information Exposure Through an Error Message vulnerability in IBM Sterling Partner Engagement Manager 6.2.2
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned.
local
low complexity
ibm CWE-209
5.5
2024-07-15 CVE-2024-39729 Unspecified vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system.
network
low complexity
ibm
4.3
2024-07-15 CVE-2024-39735 Cross-site Scripting vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4