Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-40680 | Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Operator 2.0.26/3.2.4 IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | 5.5 |
| 2024-09-05 | CVE-2024-45096 | Unspecified vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | 6.5 |
| 2024-09-04 | CVE-2024-45074 | Path Traversal vulnerability in IBM Webmethods Integration 10.15 IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. | 6.5 |
| 2024-08-29 | CVE-2024-35118 | Use of Hard-coded Credentials vulnerability in IBM Maas360 MDM IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | 4.6 |
| 2024-08-22 | CVE-2024-35151 | Missing Authentication for Critical Function vulnerability in IBM Openpages GRC Platform and Openpages With Watson IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. | 6.5 |
| 2024-08-22 | CVE-2024-39744 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2024-08-22 | CVE-2024-39746 | Missing Encryption of Sensitive Data vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2024-08-20 | CVE-2024-41773 | Unspecified vulnerability in IBM Global Configuration Management 7.0.2/7.0.3 IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. | 6.5 |
| 2024-08-16 | CVE-2023-47728 | Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. | 6.5 |
| 2024-08-15 | CVE-2024-31905 | Missing Encryption of Sensitive Data vulnerability in IBM Qradar Network Packet Capture 7.5.0 IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |