CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965.
Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform
2023-02-12
N/A
6.5 MEDIUM
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.
The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.
Aix, Z/os, Db2, Spectrum_protect, Open_power, Power_system_8335-gth, Power_system_8335-gtx, Power_system_8335-gtc, Power_system_8335-gtg, Power_system_8335-gtw
2022-07-08
N/A
5.4 MEDIUM
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323.
Aix, Z/os, Db2, Spectrum_protect, Open_power, Power_system_8335-gth, Power_system_8335-gtx, Power_system_8335-gtc, Power_system_8335-gtg, Power_system_8335-gtw
2023-01-11
N/A
6.5 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194.
IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187.
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.
