Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-26 | CVE-2024-40689 | SQL Injection vulnerability in IBM products IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. | 9.8 |
| 2024-07-25 | CVE-2022-32759 | Insufficient Session Expiration vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. | 7.5 |
| 2024-07-25 | CVE-2024-28772 | Cross-site Scripting vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. | 5.4 |
| 2024-07-24 | CVE-2024-37533 | Privacy Violation vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. | 4.6 |
| 2024-07-18 | CVE-2023-50304 | XXE vulnerability in IBM products IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2024-07-17 | CVE-2024-28796 | Cross-site Scripting vulnerability in IBM Rational Clearquest IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. | 5.4 |
| 2024-07-17 | CVE-2023-42010 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. | 3.7 |
| 2024-07-16 | CVE-2022-35640 | Information Exposure Through an Error Message vulnerability in IBM Sterling Partner Engagement Manager 6.2.2 IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. | 5.5 |
| 2024-07-15 | CVE-2024-39729 | Unspecified vulnerability in IBM Datacap and Datacap Navigator IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. | 4.3 |
| 2024-07-15 | CVE-2024-39735 | Cross-site Scripting vulnerability in IBM Datacap and Datacap Navigator IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. | 5.4 |