Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-27 CVE-2024-22316 Improper Access Control vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.
network
low complexity
ibm CWE-284
4.3
2025-01-27 CVE-2024-37527 Cross-site Scripting vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-26 CVE-2023-50945 Unprotected Storage of Credentials vulnerability in IBM Common Licensing 9.0.0
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-256
5.5
2025-01-26 CVE-2023-50946 Incorrect Authorization vulnerability in IBM Common Licensing 9.0.0
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism.
network
low complexity
ibm CWE-863
6.5
2025-01-25 CVE-2024-35111 Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2025-01-25 CVE-2024-35112 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-80
4.3
2025-01-25 CVE-2024-35113 Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
network
low complexity
ibm CWE-548
6.5
2025-01-25 CVE-2024-35114 Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
network
low complexity
ibm CWE-204
5.3
2025-01-24 CVE-2024-40706 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
network
low complexity
ibm CWE-497
4.3
2025-01-24 CVE-2024-41757 Missing Encryption of Sensitive Data vulnerability in IBM Concert Software 1.0.0/1.0.1
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9