Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-31 CVE-2024-47103 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-31 CVE-2024-47116 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-31 CVE-2024-49807 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-29 CVE-2023-37412 Execution with Unnecessary Privileges vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
network
low complexity
ibm CWE-250
4.9
2025-01-29 CVE-2023-37413 Response Discrepancy Information Exposure vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
network
low complexity
ibm CWE-204
5.3
2025-01-29 CVE-2023-33838 Use of a One-Way Hash without a Salt vulnerability in IBM Security Verify Governance 10.0.2
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
network
low complexity
ibm CWE-759
4.9
2025-01-28 CVE-2024-27263 Man-in-the-Middle vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.
network
high complexity
ibm CWE-300
5.3
2025-01-27 CVE-2023-47159 Response Discrepancy Information Exposure vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.
network
low complexity
ibm CWE-204
4.3
2025-01-27 CVE-2023-52292 Cross-site Scripting vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-27 CVE-2024-22316 Improper Access Control vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.
network
low complexity
ibm CWE-284
4.3