Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2025-01-06 CVE-2024-31913 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting.
network, low complexity, ibm, CWE-79, 5.4

2024-12-25 CVE-2024-39725 Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network, low complexity, ibm, CWE-209, 5.3

2024-12-25 CVE-2024-39727 Unspecified vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site.
network, low complexity, ibm, critical, 9.8

2024-12-19 CVE-2024-49336 Unspecified vulnerability in IBM Security Guardium 11.5
IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF).
network, low complexity, ibm, 5.4

2024-12-19 CVE-2023-30443 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
network, low complexity, ibm, CWE-770, 6.5

2024-12-19 CVE-2024-35141 Unspecified vulnerability in IBM Security Verify Access Docker
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.
local, low complexity, ibm, 7.8

2024-12-18 CVE-2024-25042 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS).
network, low complexity, ibm, CWE-79, 6.1

2024-12-18 CVE-2024-41752 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection.
network, low complexity, ibm, CWE-79, 6.1

2024-12-18 CVE-2024-45082 Open Redirect vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
low complexity, ibm, CWE-601, 5.2

2024-12-17 CVE-2024-49816 Information Exposure Through Log Files vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
local, low complexity, ibm, CWE-532, 4.4