Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-25 | CVE-2024-39725 | Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2024-12-25 | CVE-2024-39727 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. | 9.8 |
| 2024-12-19 | CVE-2024-49336 | Server-Side Request Forgery (SSRF) vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2024-12-18 | CVE-2024-25042 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2024-12-18 | CVE-2024-41752 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. | 6.1 |
| 2024-12-18 | CVE-2024-45082 | Open Redirect vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.2 |
| 2024-12-17 | CVE-2024-49816 | Information Exposure Through Log Files vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | 4.4 |
| 2024-12-17 | CVE-2024-49817 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | 4.4 |
| 2024-12-17 | CVE-2024-49818 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2024-12-17 | CVE-2024-49819 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | 7.5 |