Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-52893 Information Exposure Through an Error Message vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2025-01-06 CVE-2024-31913 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-04 CVE-2024-41765 Path Traversal vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2025-01-04 CVE-2024-41768 Missing Standardized Error Handling Mechanism vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.
network
low complexity
ibm CWE-544
6.5
2025-01-03 CVE-2024-41780 Privacy Violation vulnerability in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain sensitive information due to not masking passwords during entry.
low complexity
ibm CWE-359
4.6
2025-01-03 CVE-2024-5591 Information Exposure Through an Error Message vulnerability in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2024-12-25 CVE-2024-39725 Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2024-12-19 CVE-2024-49336 Unspecified vulnerability in IBM Security Guardium 11.5
IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm
5.4
2024-12-19 CVE-2023-30443 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
network
low complexity
ibm CWE-770
6.5
2024-12-19 CVE-2022-33954 Insufficiently Protected Credentials vulnerability in IBM Robotic Process Automation 21.0.1/21.0.2/21.0.3
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected credentials.
low complexity
ibm CWE-522
4.6