Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-35118 Use of Hard-coded Credentials vulnerability in IBM Maas360 MDM
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.
low complexity
ibm CWE-798
4.6
2024-08-22 CVE-2024-35151 Missing Authentication for Critical Function vulnerability in IBM Openpages GRC Platform and Openpages With Watson
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
network
low complexity
ibm CWE-306
6.5
2024-08-22 CVE-2024-39744 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2024-08-22 CVE-2024-39746 Missing Encryption of Sensitive Data vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2024-08-20 CVE-2024-41773 Unspecified vulnerability in IBM Global Configuration Management 7.0.2/7.0.3
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.
network
low complexity
ibm
6.5
2024-08-16 CVE-2023-47728 Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request.
network
low complexity
ibm CWE-209
6.5
2024-08-15 CVE-2024-31905 Missing Encryption of Sensitive Data vulnerability in IBM Qradar Network Packet Capture 7.5.0
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2024-08-15 CVE-2024-40704 Insufficiently Protected Credentials vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers.
network
low complexity
ibm CWE-522
4.9
2024-08-15 CVE-2024-40705 Unspecified vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads.
network
low complexity
ibm
6.5
2024-08-15 CVE-2024-25024 Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-312
5.5