Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-07 | CVE-2023-35894 | Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in IBM Sterling Control Center 6.2.1/6.3.1. IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
2025-03-03 | CVE-2024-43169 | Download of Code Without Integrity Check vulnerability in IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1. IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. | 6.5 |
2025-02-20 | CVE-2024-49337 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Openpages With Watson 9.0. IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. | 5.4 |
2025-02-20 | CVE-2024-49344 | Session Fixation vulnerability in IBM Openpages With Watson 9.0. IBM OpenPages with Watson 8.3 and 9.0: with the Watson Assistant chat feature enabled, the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. | 4.3 |
2025-02-20 | CVE-2024-43196 | Improper Following of a Certificate's Chain of Trust vulnerability in IBM Openpages With Watson 9.0. IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | 4.3 |
2025-02-20 | CVE-2024-49355 | Improper Output Neutralization for Logs vulnerability in IBM Openpages With Watson 9.0. IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. | 6.5 |
2025-02-20 | CVE-2024-49780 | Unspecified vulnerability in IBM Openpages With Watson 9.0. IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to traverse directories on the system. | 6.5 |
2025-02-06 | CVE-2024-49791 | Cross-site Scripting vulnerability in IBM Applinx 11.1.0. IBM ApplinX 11.1 is vulnerable to cross-site scripting. | 5.4 |
2025-02-06 | CVE-2024-49792 | Cross-site Scripting vulnerability in IBM Applinx 11.1.0. IBM ApplinX 11.1 is vulnerable to cross-site scripting. | 5.4 |
2025-02-06 | CVE-2024-49793 | Cross-site Scripting vulnerability in IBM Applinx 11.1.0. IBM ApplinX 11.1 is vulnerable to cross-site scripting. | 5.4 |