Security SOAR
by IBM
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45670 | 0.00 | — | 0.00 | Nov 14, 2024 | IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | |||
| CVE-2024-38319 | 0.00 | — | 0.00 | Jun 22, 2024 | IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. | |||
| CVE-2021-29785 | 0.00 | — | 0.01 | Jan 20, 2022 | IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.… | |||
| CVE-2021-29802 | 0.00 | — | 0.01 | Aug 23, 2021 | IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | |||
| CVE-2021-29704 | 0.00 | — | 0.01 | Aug 23, 2021 | IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
- CVE-2024-45670Nov 14, 2024risk 0.00cvss —epss 0.00
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
- CVE-2024-38319Jun 22, 2024risk 0.00cvss —epss 0.00
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830.
- CVE-2021-29785Jan 20, 2022risk 0.00cvss —epss 0.01
IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.…
- CVE-2021-29802Aug 23, 2021risk 0.00cvss —epss 0.01
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CVE-2021-29704Aug 23, 2021risk 0.00cvss —epss 0.01
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.