Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-07 | CVE-2024-52893 | Information Exposure Through an Error Message vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2025-01-06 | CVE-2024-31913 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. | 5.4 |
| 2025-01-04 | CVE-2024-41765 | Path Traversal vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2025-01-04 | CVE-2024-41768 | Missing Standardized Error Handling Mechanism vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. | 6.5 |
| 2025-01-03 | CVE-2024-41780 | Privacy Violation vulnerability in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0 IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry. | 4.6 |
| 2025-01-03 | CVE-2024-5591 | Information Exposure Through an Error Message vulnerability in IBM Jazz Foundation 7.0.2/7.0.3/7.1.0 IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2024-12-25 | CVE-2024-39725 | Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2024-12-19 | CVE-2024-49336 | Unspecified vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2024-12-19 | CVE-2023-30443 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | 6.5 |
| 2024-12-19 | CVE-2022-33954 | Insufficiently Protected Credentials vulnerability in IBM Robotic Process Automation 21.0.1/21.0.2/21.0.3 IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. | 4.6 |