Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-22502 Cross-site Scripting vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-06-24 CVE-2022-33953 Insufficiently Protected Credentials vulnerability in IBM products
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens.
low complexity
ibm CWE-522
4.6
2022-06-21 CVE-2021-39006 Unspecified vulnerability in IBM QRadar WinCollect 10.0/10.0.1
IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices.
network
low complexity
ibm
5.3
2022-06-20 CVE-2022-22414 Unspecified vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory.
local
low complexity
ibm
5.5
2022-06-17 CVE-2022-30607 Information Exposure vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information not properly masked in the control center UI.
network
low complexity
ibm CWE-200
6.5
2022-06-15 CVE-2022-22444 Unspecified vulnerability in IBM AIX and VIOS
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service.
local
low complexity
ibm
5.5
2022-06-10 CVE-2022-30610 Improper Privilege Management vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it.
network
low complexity
ibm CWE-269
4.5
2022-06-10 CVE-2022-30611 Cross-site Scripting vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
2022-06-10 CVE-2022-31769 Unspecified vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system.
network
low complexity
ibm
5.3
2022-05-31 CVE-2022-22361 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5