Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-07 | CVE-2025-0162 | XXE vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
2025-03-03 | CVE-2024-41770 | Insufficiently Protected Credentials vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | 7.5 |
2025-03-03 | CVE-2024-41771 | Insufficiently Protected Credentials vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | 7.5 |
2025-02-20 | CVE-2024-49779 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. | 8.8 |
2025-02-20 | CVE-2024-49781 | XXE vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
2025-02-20 | CVE-2024-49782 | Improper Validation of Certificate with Host Mismatch vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. | 8.2 |
2025-01-31 | CVE-2023-38739 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2025-01-24 | CVE-2024-25034 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. | 8.8 |
2025-01-24 | CVE-2024-40693 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0/2.1 IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | 8.0 |
2025-01-22 | CVE-2024-31903 | Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |