Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-07 | CVE-2023-35894 | Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in IBM Sterling Control Center 6.2.1/6.3.1 IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
| 2025-03-07 | CVE-2025-0162 | XXE vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
| 2025-03-03 | CVE-2024-41770 | Insufficiently Protected Credentials vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | 7.5 |
| 2025-03-03 | CVE-2024-41771 | Insufficiently Protected Credentials vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | 7.5 |
| 2025-03-03 | CVE-2024-43169 | Download of Code Without Integrity Check vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. | 6.5 |
| 2025-02-20 | CVE-2024-49337 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. | 5.4 |
| 2025-02-20 | CVE-2024-49344 | Session Fixation vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. | 4.3 |
| 2025-02-20 | CVE-2024-49779 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. | 8.8 |
| 2025-02-20 | CVE-2024-49781 | XXE vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
| 2025-02-20 | CVE-2024-43196 | Improper Following of a Certificate's Chain of Trust vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | 4.3 |