Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-19 | CVE-2024-52359 | Incorrect User Management vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. | 8.8 |
| 2024-11-19 | CVE-2024-52360 | SQL Injection vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. | 9.8 |
| 2024-11-15 | CVE-2024-39726 | XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2024-11-15 | CVE-2024-41784 | Path Traversal vulnerability in IBM Sterling Secure Proxy IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2024-11-15 | CVE-2024-41785 | Cross-site Scripting vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2024-11-15 | CVE-2024-43189 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2024-11-14 | CVE-2024-45099 | Cross-site Scripting vulnerability in IBM Security Qradar EDR IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. | 4.8 |
| 2024-11-14 | CVE-2024-45642 | Unspecified vulnerability in IBM Security Qradar EDR IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. | 5.3 |
| 2024-11-14 | CVE-2024-45670 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 8.1 |
| 2024-11-11 | CVE-2024-45087 | Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.8 |