Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-06 | CVE-2024-49793 | Cross-site Scripting vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 is vulnerable to cross-site scripting. | 5.4 |
| 2025-02-06 | CVE-2024-49794 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2025-02-06 | CVE-2024-49795 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2025-02-06 | CVE-2024-49797 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2025-02-06 | CVE-2024-49798 | Information Exposure Through an Error Message vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-02-06 | CVE-2024-49800 | Cleartext Storage of Sensitive Information vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | 6.5 |
| 2025-02-05 | CVE-2024-38316 | Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | 6.5 |
| 2025-02-05 | CVE-2024-38318 | Cross-site Scripting vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. | 6.1 |
| 2025-02-05 | CVE-2024-56472 | Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. | 5.4 |
| 2025-01-31 | CVE-2024-40696 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. | 5.4 |