Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2025-01-24 CVE-2024-41757 Missing Encryption of Sensitive Data vulnerability in IBM Concert Software 1.0.0/1.0.1
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2025-01-23 CVE-2023-32340 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-23 CVE-2023-50309 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-22 CVE-2024-31903 Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.
low complexity
ibm CWE-502
8.8
2025-01-21 CVE-2024-45091 Information Exposure Through Log Files vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
local
low complexity
ibm CWE-532
5.5
2025-01-20 CVE-2024-45647 Unspecified vulnerability in IBM products
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
network
low complexity
ibm
critical
9.8
2025-01-19 CVE-2024-45653 Information Exposure Through Sent Data vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
network
low complexity
ibm CWE-201
4.3
2025-01-18 CVE-2024-51448 Insecure Inherited Permissions vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges.
local
low complexity
ibm CWE-277
6.7
2025-01-17 CVE-2024-52363 Path Traversal vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2025-01-12 CVE-2024-51456 Use of RSA Algorithm without OAEP vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
network
high complexity
ibm CWE-780
5.9