Shodan
Vulnerabilities
Vulnerable Software
Ibm:  Security Vulnerabilities
CVE-2023-28520
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-05-12
CVE-2023-28522
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-12
CVE-2021-39036
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-05-12
CVE-2023-27554
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-05-11
CVE-2023-27870
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-11
CVE-2023-24957
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-06
CVE-2022-43877
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.
CVSS Score
5.1
EPSS Score
0.0
Published
2023-05-06
CVE-2022-22313
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-05-06
CVE-2020-4914
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.
CVSS Score
4.2
EPSS Score
0.0
Published
2023-05-05
CVE-2022-43866
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved