Vendor CVEs
IBM
All CVEs
8,264 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-39081 | 0.00 | — | 0.00 | Dec 19, 2024 | IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||
| CVE-2021-29827 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch… | |||
| CVE-2021-20553 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure… | |||
| CVE-2024-51470 | 0.00 | — | 0.01 | Dec 18, 2024 | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. | |||
| CVE-2024-25042 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. | |||
| CVE-2024-45082 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to… | |||
| CVE-2024-41752 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||
| CVE-2024-52361 | 0.00 | — | 0.01 | Dec 18, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | |||
| CVE-2023-50956 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | |||
| CVE-2024-47119 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | |||
| CVE-2024-47104 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can… | |||
| CVE-2024-49816 | 0.00 | — | 0.00 | Dec 17, 2024 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | |||
| CVE-2024-49820 | 0.00 | — | 0.00 | Dec 17, 2024 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive… | |||
| CVE-2024-49819 | 0.00 | — | 0.00 | Dec 17, 2024 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | |||
| CVE-2024-49818 | 0.00 | — | 0.00 | Dec 17, 2024 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||
| CVE-2024-49817 | 0.00 | — | 0.00 | Dec 17, 2024 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | |||
| CVE-2024-31891 | 0.00 | — | 0.00 | Dec 14, 2024 | IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system. | |||
| CVE-2024-31892 | 0.00 | — | 0.00 | Dec 14, 2024 | IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements. | |||
| CVE-2024-52901 | 0.00 | — | 0.01 | Dec 12, 2024 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. | |||
| CVE-2024-51460 | 0.00 | — | 0.00 | Dec 11, 2024 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. | |||
| CVE-2023-23472 | 0.00 | — | 0.00 | Dec 11, 2024 | IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | |||
| CVE-2023-37395 | 0.00 | — | 0.00 | Dec 11, 2024 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. | |||
| CVE-2024-35117 | 0.00 | — | 0.00 | Dec 11, 2024 | IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. | |||
| CVE-2024-47117 | 0.00 | — | 0.00 | Dec 10, 2024 | IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials… | |||
| CVE-2024-47107 | 0.00 | — | 0.00 | Dec 7, 2024 | IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||
| CVE-2024-41762 | 0.00 | — | 0.00 | Dec 7, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||
| CVE-2024-37071 | 0.00 | — | 0.00 | Dec 7, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | |||
| CVE-2024-47115 | 0.00 | — | 0.00 | Dec 7, 2024 | IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | |||
| CVE-2024-51465 | 0.00 | — | 0.01 | Dec 4, 2024 | IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | |||
| CVE-2024-41775 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||
| CVE-2024-25020 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to… | |||
| CVE-2024-41776 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||
| CVE-2024-41777 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | |||
| CVE-2024-45676 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. | |||
| CVE-2024-25036 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. | |||
| CVE-2024-25035 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. | |||
| CVE-2024-40691 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to… | |||
| CVE-2024-25019 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to… | |||
| CVE-2021-29892 | 0.00 | — | 0.00 | Dec 3, 2024 | IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | |||
| CVE-2024-49804 | 0.00 | — | 0.00 | Nov 29, 2024 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | |||
| CVE-2024-49806 | 0.00 | — | 0.00 | Nov 29, 2024 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | |||
| CVE-2024-49805 | 0.00 | — | 0.00 | Nov 29, 2024 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | |||
| CVE-2024-49803 | 0.00 | — | 0.01 | Nov 29, 2024 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | |||
| CVE-2024-49353 | 0.00 | — | 0.00 | Nov 26, 2024 | IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. | |||
| CVE-2024-49351 | 0.00 | — | 0.00 | Nov 26, 2024 | IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. | |||
| CVE-2024-52899 | 0.00 | — | 0.01 | Nov 26, 2024 | IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. | |||
| CVE-2023-26280 | 0.00 | — | 0.00 | Nov 25, 2024 | IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control. | |||
| CVE-2023-45181 | 0.00 | — | 0.00 | Nov 25, 2024 | IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||
| CVE-2024-35160 | 0.00 | — | 0.00 | Nov 23, 2024 | IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. | |||
| CVE-2024-41761 | 0.00 | — | 0.00 | Nov 23, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. |
- CVE-2021-39081Dec 19, 2024risk 0.00cvss —epss 0.00
IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2021-29827Dec 18, 2024risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…
- CVE-2021-20553Dec 18, 2024risk 0.00cvss —epss 0.00
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
- CVE-2024-51470Dec 18, 2024risk 0.00cvss —epss 0.01
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
- CVE-2024-25042Dec 18, 2024risk 0.00cvss —epss 0.00
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
- CVE-2024-45082Dec 18, 2024risk 0.00cvss —epss 0.00
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to…
- CVE-2024-41752Dec 18, 2024risk 0.00cvss —epss 0.00
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
- CVE-2024-52361Dec 18, 2024risk 0.00cvss —epss 0.01
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.
- CVE-2023-50956Dec 18, 2024risk 0.00cvss —epss 0.00
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
- CVE-2024-47119Dec 18, 2024risk 0.00cvss —epss 0.00
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
- CVE-2024-47104Dec 18, 2024risk 0.00cvss —epss 0.00
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can…
- CVE-2024-49816Dec 17, 2024risk 0.00cvss —epss 0.00
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
- CVE-2024-49820Dec 17, 2024risk 0.00cvss —epss 0.00
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive…
- CVE-2024-49819Dec 17, 2024risk 0.00cvss —epss 0.00
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
- CVE-2024-49818Dec 17, 2024risk 0.00cvss —epss 0.00
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- CVE-2024-49817Dec 17, 2024risk 0.00cvss —epss 0.00
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
- CVE-2024-31891Dec 14, 2024risk 0.00cvss —epss 0.00
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
- CVE-2024-31892Dec 14, 2024risk 0.00cvss —epss 0.00
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
- CVE-2024-52901Dec 12, 2024risk 0.00cvss —epss 0.01
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
- CVE-2024-51460Dec 11, 2024risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
- CVE-2023-23472Dec 11, 2024risk 0.00cvss —epss 0.00
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
- CVE-2023-37395Dec 11, 2024risk 0.00cvss —epss 0.00
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
- CVE-2024-35117Dec 11, 2024risk 0.00cvss —epss 0.00
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
- CVE-2024-47117Dec 10, 2024risk 0.00cvss —epss 0.00
IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…
- CVE-2024-47107Dec 7, 2024risk 0.00cvss —epss 0.00
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- CVE-2024-41762Dec 7, 2024risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2024-37071Dec 7, 2024risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
- CVE-2024-47115Dec 7, 2024risk 0.00cvss —epss 0.00
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.
- CVE-2024-51465Dec 4, 2024risk 0.00cvss —epss 0.01
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
- CVE-2024-41775Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-25020Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to…
- CVE-2024-41776Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- CVE-2024-41777Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CVE-2024-45676Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.
- CVE-2024-25036Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.
- CVE-2024-25035Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
- CVE-2024-40691Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to…
- CVE-2024-25019Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to…
- CVE-2021-29892Dec 3, 2024risk 0.00cvss —epss 0.00
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…
- CVE-2024-49804Nov 29, 2024risk 0.00cvss —epss 0.00
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.
- CVE-2024-49806Nov 29, 2024risk 0.00cvss —epss 0.00
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CVE-2024-49805Nov 29, 2024risk 0.00cvss —epss 0.00
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CVE-2024-49803Nov 29, 2024risk 0.00cvss —epss 0.01
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
- CVE-2024-49353Nov 26, 2024risk 0.00cvss —epss 0.00
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.
- CVE-2024-49351Nov 26, 2024risk 0.00cvss —epss 0.00
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.
- CVE-2024-52899Nov 26, 2024risk 0.00cvss —epss 0.01
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.
- CVE-2023-26280Nov 25, 2024risk 0.00cvss —epss 0.00
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
- CVE-2023-45181Nov 25, 2024risk 0.00cvss —epss 0.00
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- CVE-2024-35160Nov 23, 2024risk 0.00cvss —epss 0.00
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
- CVE-2024-41761Nov 23, 2024risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Page 111 of 166