Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-31 | CVE-2024-49807 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. | 5.4 |
| 2025-01-29 | CVE-2023-35907 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-29 | CVE-2023-37398 | Weak Password Requirements vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
| 2025-01-29 | CVE-2023-37412 | Execution with Unnecessary Privileges vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | 4.9 |
| 2025-01-29 | CVE-2023-37413 | Response Discrepancy Information Exposure vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. | 5.3 |
| 2025-01-29 | CVE-2023-33838 | Use of a One-Way Hash without a Salt vulnerability in IBM Security Verify Governance 10.0.2 IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. | 4.9 |
| 2025-01-28 | CVE-2023-50316 | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. | 9.8 |
| 2025-01-28 | CVE-2024-27263 | Man-in-the-Middle vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. | 5.3 |
| 2025-01-27 | CVE-2023-47159 | Response Discrepancy Information Exposure vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | 4.3 |
| 2025-01-27 | CVE-2023-52292 | Cross-site Scripting vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. | 5.4 |