Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-06 | CVE-2024-49794 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2025-02-06 | CVE-2024-49795 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2025-02-06 | CVE-2024-49797 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2025-02-06 | CVE-2024-49798 | Information Exposure Through an Error Message vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-02-06 | CVE-2024-49800 | Cleartext Storage of Sensitive Information vulnerability in IBM Applinx 11.1.0 IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | 6.5 |
| 2025-02-05 | CVE-2024-38316 | Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | 6.5 |
| 2025-02-05 | CVE-2024-38318 | Cross-site Scripting vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. | 6.1 |
| 2025-02-05 | CVE-2024-56472 | Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. | 5.4 |
| 2025-01-31 | CVE-2024-40696 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. | 5.4 |
| 2025-01-31 | CVE-2024-45089 | Information Exposure Through Discrepancy vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy. | 4.3 |