Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2024-12-03 CVE-2024-41777 Use of Hard-coded Credentials vulnerability in IBM Cognos Controller 11.0.0/11.0.1
IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2024-11-29 CVE-2024-49803 OS Command Injection vulnerability in IBM Security Verify Access
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
2024-11-29 CVE-2024-49804 Unspecified vulnerability in IBM Security Verify Access
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.
local
low complexity
ibm
7.8
2024-11-19 CVE-2024-52359 Incorrect User Management vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls.
network
low complexity
ibm CWE-286
8.8
2024-11-15 CVE-2024-39726 XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2024-11-15 CVE-2024-41784 Path Traversal vulnerability in IBM Sterling Secure Proxy
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2024-11-14 CVE-2024-45670 Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
network
high complexity
ibm CWE-640
8.1
2024-10-23 CVE-2023-50310 Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
network
low complexity
ibm CWE-522
7.5
2024-10-16 CVE-2024-49340 Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2024-10-15 CVE-2024-45085 Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request.
network
low complexity
ibm CWE-754
7.5