Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2024-37527 | Cross-site Scripting vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. | 5.4 |
| 2025-01-26 | CVE-2023-50945 | Unprotected Storage of Credentials vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2025-01-26 | CVE-2023-50946 | Incorrect Authorization vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | 6.5 |
| 2025-01-25 | CVE-2024-35111 | Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-25 | CVE-2024-35112 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-25 | CVE-2024-35113 | Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | 6.5 |
| 2025-01-25 | CVE-2024-35114 | Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | 5.3 |
| 2025-01-24 | CVE-2024-25034 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. | 8.8 |
| 2025-01-24 | CVE-2024-40693 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | 8.0 |
| 2025-01-24 | CVE-2024-40706 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | 4.3 |