Tag

#ibm

How Confidential Computing Can Change Cybersecurity

Encrypting data while in use, not just in transit and at rest, closes one more avenue of cyberattack.

DARKReading
CVE-2022-41740: A vulnerability in IBM Robotic Process Automation may result in sensitive information disclosure (CVE-2022-41740)

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

CVE-2022-43844: IBM Robotic Process Automation for Cloud Pak session fixation CVE-2022-43844 Vulnerability Report

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.

CVE-2022-43573: IBM Robotic Process Automation information disclosure CVE-2022-43573 Vulnerability Report

IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.

CVE-2022-22371: Security Bulletin: Dashboard of IBM Sterling B2B Integrator is vulnerable to session mismanagement (CVE-2022-22371)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.

CVE-2022-34330: IBM Sterling B2B Integrator Standard Edition cross-site scripting CVE-2022-34330 Vulnerability Report

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469.

CVE-2022-22337: Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2022-22337)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507.

CVE-2022-22352: IBM Sterling B2B Integrator Standard Edition cross-site scripting CVE-2022-22352 Vulnerability Report

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220398.

CVE-2022-22338: IBM Sterling B2B Integrator Standard Edition SQL injection CVE-2022-22338 Vulnerability Report

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510.

CVE-2022-43920: IBM Sterling B2B Integrator Standard Edition privilege escalation CVE-2022-43920 Vulnerability Report

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362.