Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-29 | CVE-2023-33838 | Use of a One-Way Hash without a Salt vulnerability in IBM Security Verify Governance 10.0.2 IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. | 4.9 |
| 2025-01-28 | CVE-2024-27263 | Man-in-the-Middle vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. | 5.3 |
| 2025-01-27 | CVE-2023-47159 | Response Discrepancy Information Exposure vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | 4.3 |
| 2025-01-27 | CVE-2023-52292 | Cross-site Scripting vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. | 5.4 |
| 2025-01-27 | CVE-2024-22316 | Improper Access Control vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | 4.3 |
| 2025-01-27 | CVE-2024-37527 | Cross-site Scripting vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. | 5.4 |
| 2025-01-26 | CVE-2023-50945 | Unprotected Storage of Credentials vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2025-01-26 | CVE-2023-50946 | Incorrect Authorization vulnerability in IBM Common Licensing 9.0.0 IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | 6.5 |
| 2025-01-25 | CVE-2024-35111 | Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-25 | CVE-2024-35112 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |