Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-45072 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2024-10-16 | CVE-2024-49340 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3 IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2024-10-15 | CVE-2024-45085 | Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. | 7.5 |
| 2024-09-30 | CVE-2024-45073 | Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. | 4.8 |
| 2024-09-26 | CVE-2024-31899 | Insufficiently Protected Credentials vulnerability in IBM Cognos Command Center 10.2.4.1/10.2.5 IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | 4.3 |
| 2024-09-25 | CVE-2021-38963 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. | 8.0 |
| 2024-09-25 | CVE-2022-43845 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
| 2024-09-25 | CVE-2024-38324 | Improper Certificate Validation vulnerability in IBM Storage Defender 2.0.0/2.0.4 IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. | 6.5 |
| 2024-09-22 | CVE-2024-40703 | Insufficiently Protected Credentials vulnerability in IBM Cognos Analytics and Cognos Analytics Reports IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. | 5.5 |
| 2024-09-18 | CVE-2024-43188 | Unspecified vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | 4.9 |