Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products: IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 5.5 |
2022-09-28 | CVE-2022-22387 | Cross-site Scripting vulnerability in IBM Application Gateway 1.0: IBM Application Gateway is vulnerable to cross-site scripting. | 5.4 |
2022-09-28 | CVE-2022-35282 | Server-Side Request Forgery (SSRF) vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). | 6.5 |
2022-09-28 | CVE-2022-35722 | Cross-site Scripting vulnerability in IBM Jazz for Service Management: IBM Jazz for Service Management is vulnerable to stored cross-site scripting. | 5.4 |
2022-09-28 | CVE-2022-36771 | Unspecified vulnerability in IBM QRadar User Behavior Analytics 1.0.0/4.1.0/4.1.1: IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information that they should not have access to. | 6.5 |
2022-09-23 | CVE-2022-22423 | Improper Input Validation vulnerability in IBM Common Cryptographic Architecture: IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. | 5.5 |
2022-09-23 | CVE-2022-35721 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3: IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. | 5.4 |
2022-09-23 | CVE-2022-40748 | Cross-site Scripting vulnerability in IBM InfoSphere Information Server 11.7: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
2022-09-19 | CVE-2022-40234 | Exposure of Resource to Wrong Sphere vulnerability in IBM Spectrum Protect Plus: Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. | 5.9 |
2022-09-13 | CVE-2022-22329 | Unspecified vulnerability in IBM Control Desk: IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |