Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-27 | CVE-2024-22316 | Improper Access Control vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | 4.3 |
2025-01-27 | CVE-2024-37527 | Cross-site Scripting vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. | 5.4 |
2025-01-26 | CVE-2023-50945 | Unprotected Storage of Credentials vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
2025-01-26 | CVE-2023-50946 | Incorrect Authorization vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | 6.5 |
2025-01-25 | CVE-2024-35111 | Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2025-01-25 | CVE-2024-35112 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2025-01-25 | CVE-2024-35113 | Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | 6.5 |
2025-01-25 | CVE-2024-35114 | Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | 5.3 |
2025-01-24 | CVE-2024-25034 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. | 8.8 |
2025-01-24 | CVE-2024-40693 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | 8.0 |