Vulnerabilities > IBM > Control Center
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-25 | CVE-2024-35111 | Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-25 | CVE-2024-35112 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-25 | CVE-2024-35113 | Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | 6.5 |
| 2025-01-25 | CVE-2024-35114 | Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | 5.3 |
| 2021-05-19 | CVE-2021-20528 | Cross-site Scripting vulnerability in IBM Control Center 6.2.0.0 IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. | 5.4 |
| 2021-05-19 | CVE-2021-20529 | Unspecified vulnerability in IBM Control Center 6.2.0.0 IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. | 5.3 |
| 2018-02-21 | CVE-2017-1758 | XXE vulnerability in IBM products IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2016-07-08 | CVE-2016-0252 | Information Exposure vulnerability in IBM Control Center and Sterling Control Center IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. | 5.1 |