Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-23 CVE-2023-50309 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-21 CVE-2024-45091 Information Exposure Through Log Files vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
local
low complexity
ibm CWE-532
5.5
2025-01-19 CVE-2024-45653 Information Exposure Through Sent Data vulnerability in IBM Sterling Connect Direct web Services
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
network
low complexity
ibm CWE-201
4.3
2025-01-18 CVE-2024-51448 Insecure Inherited Permissions vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges.
local
low complexity
ibm CWE-277
6.7
2025-01-12 CVE-2024-51456 Use of RSA Algorithm without OAEP vulnerability in IBM Robotic Process Automation
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
network
high complexity
ibm CWE-780
5.9
2025-01-12 CVE-2021-29669 Cross-site Scripting vulnerability in IBM Jazz Foundation
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-08 CVE-2024-40679 Information Exposure Through Log Files vulnerability in IBM DB2 11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.
local
low complexity
ibm CWE-532
5.5
2025-01-07 CVE-2024-52366 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-327
5.9
2025-01-07 CVE-2024-52891 Improper Output Neutralization for Logs vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.
network
low complexity
ibm CWE-117
5.4
2025-01-07 CVE-2024-52893 Information Exposure Through an Error Message vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3