Vulnerabilities > IBM > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-03 | CVE-2024-25036 | Authentication Bypass Using an Alternate Path or Channel vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. | 3.3 |
| 2024-10-22 | CVE-2024-43173 | Unspecified vulnerability in IBM Concert 1.0.0/1.0.1 IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 3.7 |
| 2024-07-17 | CVE-2023-42010 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. | 3.7 |
| 2024-06-30 | CVE-2023-35022 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. | 3.3 |
| 2024-06-28 | CVE-2022-38383 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2024-06-15 | CVE-2024-31870 | Information Exposure Through Discrepancy vulnerability in IBM I IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. | 3.3 |
| 2024-06-13 | CVE-2024-22333 | Exposure of Resource to Wrong Sphere vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2024-03-22 | CVE-2022-32756 | Unspecified vulnerability in IBM Security Verify Directory 10.0.0 IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |
| 2024-03-15 | CVE-2023-46181 | Unspecified vulnerability in IBM Sterling Secure Proxy 6.0.3/6.1.0 IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2024-02-21 | CVE-2023-50955 | Path Traversal vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. | 2.7 |