Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-14 | CVE-2024-45642 | Unspecified vulnerability in IBM Security QRadar EDR: IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. | 5.3 |
2024-11-14 | CVE-2024-45670 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM SOAR: IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 8.1 |
2024-11-11 | CVE-2024-45087 | Cross-site Scripting vulnerability in IBM WebSphere Application Server 8.5/9.0: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.8 |
2024-11-11 | CVE-2024-45088 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.3: IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. | 5.4 |
2024-11-04 | CVE-2024-45086 | XXE vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 5.5 |
2024-11-01 | CVE-2024-41738 | Unspecified vulnerability in IBM TXSeries for Multiplatforms 10.1: IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | 5.9 |
2024-11-01 | CVE-2024-41741 | Information Exposure Through Discrepancy vulnerability in IBM TXSeries for Multiplatforms 10.1: IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | 5.3 |
2024-11-01 | CVE-2024-41745 | Cross-site Scripting vulnerability in IBM CICS TX 11.1.0.0: IBM CICS TX Standard is vulnerable to cross-site scripting. | 6.1 |
2024-10-23 | CVE-2023-50310 | Insufficiently Protected Credentials vulnerability in IBM CICS Transaction Gateway 9.2/9.3: IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 7.5 |
2024-10-23 | CVE-2024-31880 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | 6.5 |