Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-40697 Weak Password Requirements vulnerability in IBM Common Licensing 9.0
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2024-08-13 CVE-2024-41774 Cross-site Scripting vulnerability in IBM Common Licensing 9.0
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-08-13 CVE-2022-38382 Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information.
network
low complexity
ibm CWE-613
4.1
2024-08-12 CVE-2023-38018 Session Fixation vulnerability in IBM Aspera Shares 1.10.0
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
5.4
2024-08-06 CVE-2024-39751 Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2024-08-04 CVE-2024-35143 Missing Authentication for Critical Function vulnerability in IBM products
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server.
network
low complexity
ibm CWE-306
critical
9.1
2024-08-03 CVE-2024-38321 Information Exposure Through Log Files vulnerability in IBM Business Automation Workflow
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user.
network
low complexity
ibm CWE-532
6.5
2024-07-30 CVE-2022-33167 Incorrect Permission Assignment for Critical Resource vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
7.5
2024-07-30 CVE-2023-26288 Insufficient Session Expiration vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.5
2024-07-30 CVE-2023-26289 Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
5.4