Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-11 | CVE-2024-51460 | Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. | 4.3 |
| 2024-12-07 | CVE-2024-41762 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 6.5 |
| 2024-12-03 | CVE-2024-41776 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2024-12-03 | CVE-2024-45676 | Insufficient Type Distinction vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. | 4.3 |
| 2024-12-03 | CVE-2021-29892 | Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2024-12-03 | CVE-2024-25035 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. | 5.3 |
| 2024-11-25 | CVE-2023-45181 | Cross-site Scripting vulnerability in IBM Jazz Foundation IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. | 6.1 |
| 2024-11-23 | CVE-2024-35160 | Insufficient Session Expiration vulnerability in IBM BIG SQL and Watson Query With Cloud PAK for Data IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. | 6.5 |
| 2024-11-23 | CVE-2024-41761 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 5.3 |
| 2024-11-14 | CVE-2024-45099 | Cross-site Scripting vulnerability in IBM Security Qradar EDR IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. | 4.8 |