Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2024-41785 | Cross-site Scripting vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2024-11-15 | CVE-2024-43189 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2024-11-14 | CVE-2024-45099 | Cross-site Scripting vulnerability in IBM Security Qradar EDR IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. | 4.8 |
| 2024-11-14 | CVE-2024-45642 | Unspecified vulnerability in IBM Security Qradar EDR IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. | 5.3 |
| 2024-11-14 | CVE-2024-45670 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 8.1 |
| 2024-11-11 | CVE-2024-45087 | Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.8 |
| 2024-11-11 | CVE-2024-45088 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.3 IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. | 5.4 |
| 2024-11-04 | CVE-2024-45086 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 5.5 |
| 2024-11-01 | CVE-2024-41738 | Unspecified vulnerability in IBM Txseries for Multiplatforms 10.1 IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | 5.9 |
| 2024-11-01 | CVE-2024-41741 | Information Exposure Through Discrepancy vulnerability in IBM Txseries for Multiplatforms 10.1 IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | 5.3 |