Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-38324 Improper Certificate Validation vulnerability in IBM Storage Defender 2.0.0/2.0.4
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.
network
low complexity
ibm CWE-295
6.5
2024-09-22 CVE-2024-40703 Insufficiently Protected Credentials vulnerability in IBM Cognos Analytics and Cognos Analytics Reports
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key.
local
low complexity
ibm CWE-522
5.5
2024-09-18 CVE-2024-43188 Unspecified vulnerability in IBM Business Automation Workflow
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.
network
low complexity
ibm
4.9
2024-09-16 CVE-2024-38315 Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2024-09-13 CVE-2024-43180 Cleartext Transmission of Sensitive Information vulnerability in IBM Concert 1.0
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-319
4.3
2024-09-10 CVE-2024-27257 Unspecified vulnerability in IBM Openpages GRC Platform and Openpages With Watson
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.
network
low complexity
ibm
4.3
2024-09-07 CVE-2024-40680 Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Operator 2.0.26/3.2.4
IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
local
low complexity
ibm CWE-770
5.5
2024-09-05 CVE-2024-45096 Unspecified vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.
network
low complexity
ibm
6.5
2024-09-04 CVE-2024-45074 Path Traversal vulnerability in IBM Webmethods Integration 10.15
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2024-08-29 CVE-2024-35118 Use of Hard-coded Credentials vulnerability in IBM Maas360 MDM
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.
low complexity
ibm CWE-798
4.6