Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2025-0162 XXE vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2025-03-03 CVE-2024-41770 Insufficiently Protected Credentials vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
network
low complexity
ibm CWE-522
7.5
2025-03-03 CVE-2024-41771 Insufficiently Protected Credentials vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
network
low complexity
ibm CWE-522
7.5
2025-02-20 CVE-2024-49779 Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies.
network
low complexity
ibm CWE-352
8.8
2025-02-20 CVE-2024-49781 XXE vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2025-02-20 CVE-2024-49782 Improper Validation of Certificate with Host Mismatch vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security.
network
low complexity
ibm CWE-297
8.2
2025-01-31 CVE-2023-38739 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2025-01-24 CVE-2024-25034 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process.
network
low complexity
ibm CWE-434
8.8
2025-01-24 CVE-2024-40693 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
network
low complexity
ibm CWE-434
8.0
2025-01-22 CVE-2024-31903 Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allows an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.
low complexity
ibm CWE-502
8.8