Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-11-23 CVE-2024-35160 Insufficient Session Expiration vulnerability in IBM BIG SQL and Watson Query With Cloud PAK for Data
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
network
low complexity
ibm CWE-613
6.5
2024-11-15 CVE-2024-39726 XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2024-11-15 CVE-2024-41784 Path Traversal vulnerability in IBM Sterling Secure Proxy
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2024-11-14 CVE-2024-45099 Cross-site Scripting vulnerability in IBM Security Qradar EDR
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-11-14 CVE-2024-45642 Unspecified vulnerability in IBM Security Qradar EDR
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.3
2024-11-14 CVE-2024-45670 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
network
high complexity
ibm CWE-640
8.1
2024-11-11 CVE-2024-45087 Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-11-11 CVE-2024-45088 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.3
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2024-11-04 CVE-2024-45086 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2024-11-01 CVE-2024-41738 Unspecified vulnerability in IBM Txseries for Multiplatforms 10.1
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
network
high complexity
ibm
5.9