Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-12 | CVE-2024-40690 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2024-07-10 | CVE-2023-33859 | Response Discrepancy Information Exposure vulnerability in IBM Security Qradar EDR 3.12 IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. | 5.3 |
| 2024-07-10 | CVE-2023-33860 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in IBM Security Qradar EDR 3.12 IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. | 5.3 |
| 2024-07-10 | CVE-2023-35006 | Cross-site Scripting vulnerability in IBM Security Qradar EDR 3.12 IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. | 5.4 |
| 2024-07-10 | CVE-2024-25023 | Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2024-07-09 | CVE-2024-35154 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. | 7.2 |
| 2024-07-08 | CVE-2024-39742 | Incorrect Comparison vulnerability in IBM MQ Operator IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | 9.8 |
| 2024-07-08 | CVE-2024-39743 | Unspecified vulnerability in IBM MQ Operator IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. | 7.5 |
| 2024-07-08 | CVE-2024-31897 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). | 4.3 |
| 2024-07-08 | CVE-2024-37528 | Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. | 5.4 |