Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-27 | CVE-2024-37527 | Cross-site Scripting vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. | 5.4 |
2025-01-26 | CVE-2023-50945 | Unprotected Storage of Credentials vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
2025-01-26 | CVE-2023-50946 | Incorrect Authorization vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | 6.5 |
2025-01-25 | CVE-2024-35111 | Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2025-01-25 | CVE-2024-35112 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2025-01-25 | CVE-2024-35113 | Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | 6.5 |
2025-01-25 | CVE-2024-35114 | Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | 5.3 |
2025-01-24 | CVE-2024-40706 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | 4.3 |
2025-01-24 | CVE-2024-41757 | Missing Encryption of Sensitive Data vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2025-01-23 | CVE-2023-32340 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. | 5.4 |