Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-25 | CVE-2021-38963 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. | 8.0 |
2024-09-25 | CVE-2022-43845 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
2024-09-25 | CVE-2024-38324 | Improper Certificate Validation vulnerability in IBM Storage Defender 2.0.0/2.0.4 IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. | 6.5 |
2024-09-22 | CVE-2024-40703 | Insufficiently Protected Credentials vulnerability in IBM Cognos Analytics and Cognos Analytics Reports IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. | 5.5 |
2024-09-18 | CVE-2024-43188 | Unspecified vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | 4.9 |
2024-09-16 | CVE-2024-38315 | Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14 IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2024-09-13 | CVE-2024-43180 | Cleartext Transmission of Sensitive Information vulnerability in IBM Concert 1.0 IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2024-09-10 | CVE-2024-27257 | Unspecified vulnerability in IBM Openpages GRC Platform and Openpages With Watson IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. | 4.3 |
2024-09-07 | CVE-2024-37068 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Maximo Application Suite 8.10/8.11/9.0 IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. | 7.5 |
2024-09-07 | CVE-2024-40680 | Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Operator 2.0.26/3.2.4 IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | 5.5 |