Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-01 | CVE-2022-35716 | Incorrect Authorization vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | 6.5 |
| 2022-07-26 | CVE-2022-22412 | Unspecified vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. low complexity ibm | 4.6 |
| 2022-07-25 | CVE-2022-35288 | Unspecified vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. | 6.5 |
| 2022-07-20 | CVE-2021-38936 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. | 4.9 |
| 2022-07-20 | CVE-2022-22424 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. | 5.5 |
| 2022-07-19 | CVE-2022-22359 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2022-07-19 | CVE-2022-22416 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2022-07-19 | CVE-2022-22417 | Cross-site Scripting vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. | 5.4 |
| 2022-07-18 | CVE-2021-29788 | Cross-site Scripting vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. | 5.4 |
| 2022-07-18 | CVE-2021-29790 | Cross-site Scripting vulnerability in IBM Engineering Requirements Quality Assistant On-Premises IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. | 5.4 |