Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-06 CVE-2024-49794 Cross-Site Request Forgery (CSRF) vulnerability in IBM Applinx 11.1.0
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2025-02-06 CVE-2024-49795 Cross-Site Request Forgery (CSRF) vulnerability in IBM Applinx 11.1.0
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2025-02-06 CVE-2024-49797 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Applinx 11.1.0
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-327
5.9
2025-02-06 CVE-2024-49798 Information Exposure Through an Error Message vulnerability in IBM Applinx 11.1.0
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2025-02-06 CVE-2024-49800 Cleartext Storage of Sensitive Information vulnerability in IBM Applinx 11.1.0
IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.
network
low complexity
ibm CWE-312
6.5
2025-02-05 CVE-2024-38316 Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
network
low complexity
ibm
6.5
2025-02-05 CVE-2024-38318 Cross-site Scripting vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
2025-02-05 CVE-2024-56472 Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting.
network
low complexity
ibm
5.4
2025-01-31 CVE-2024-40696 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-31 CVE-2024-45089 Information Exposure Through Discrepancy vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.
network
low complexity
ibm CWE-203
4.3