Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2022-22404 Allocation of Resources Without Limits or Throttling vulnerability in IBM APP Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.
network
low complexity
ibm CWE-770
4.0
2022-03-31 CVE-2022-22311 Improper Input Validation vulnerability in IBM Security Verify Access
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens.
network
ibm CWE-20
5.8
2022-03-28 CVE-2003-5002 Cleartext Transmission of Sensitive Information vulnerability in IBM ISS Blackice PC Protection
A vulnerability was found in ISS BlackICE PC Protection.
network
low complexity
ibm CWE-319
5.3
2022-03-28 CVE-2003-5003 Cross-site Scripting vulnerability in IBM ISS Blackice PC Protection
A vulnerability was found in ISS BlackICE PC Protection.
network
low complexity
ibm CWE-79
6.1
2022-03-23 CVE-2022-22316 Unspecified vulnerability in IBM MQ Appliance
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks.
network
low complexity
ibm
4.0
2022-03-18 CVE-2021-29899 Unspecified vulnerability in IBM Engineering Requirements Quality Assistant On-Premises 3.0
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service.
network
low complexity
ibm
4.0
2022-03-18 CVE-2021-39046 Insufficiently Protected Credentials vulnerability in IBM products
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 store user credentials in plain clear text which can be read by a lprivileged user.
network
low complexity
ibm CWE-522
4.0
2022-03-15 CVE-2020-4989 Exposure of Resource to Wrong Sphere vulnerability in IBM Rational Team Concert
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions.
network
low complexity
ibm CWE-668
4.0
2022-03-14 CVE-2021-38971 Unspecified vulnerability in IBM Data Virtualization on Cloud PAK for Data
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitive information.
network
low complexity
ibm
4.0
2022-03-14 CVE-2021-39051 Server-Side Request Forgery (SSRF) vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function.
network
low complexity
ibm CWE-918
6.4