Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-27 CVE-2024-37527 Cross-site Scripting vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-26 CVE-2023-50945 Unprotected Storage of Credentials vulnerability in IBM Common Licensing 9.0.0
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-256
5.5
2025-01-26 CVE-2023-50946 Incorrect Authorization vulnerability in IBM Common Licensing 9.0.0
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism.
network
low complexity
ibm CWE-863
6.5
2025-01-25 CVE-2024-35111 Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2025-01-25 CVE-2024-35112 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-80
4.3
2025-01-25 CVE-2024-35113 Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
network
low complexity
ibm CWE-548
6.5
2025-01-25 CVE-2024-35114 Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
network
low complexity
ibm CWE-204
5.3
2025-01-24 CVE-2024-40706 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
network
low complexity
ibm CWE-497
4.3
2025-01-24 CVE-2024-41757 Missing Encryption of Sensitive Data vulnerability in IBM Concert Software 1.0.0/1.0.1
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2025-01-23 CVE-2023-32340 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4