Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-19 | CVE-2021-20553 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. | 5.4 |
| 2024-12-19 | CVE-2021-29827 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. | 5.2 |
| 2024-12-18 | CVE-2024-25042 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2024-12-18 | CVE-2024-41752 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. | 6.1 |
| 2024-12-18 | CVE-2024-45082 | Open Redirect vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.2 |
| 2024-12-17 | CVE-2024-49816 | Information Exposure Through Log Files vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | 4.4 |
| 2024-12-17 | CVE-2024-49817 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | 4.4 |
| 2024-12-17 | CVE-2024-49818 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2024-12-12 | CVE-2024-52901 | Improper Validation of Specified Quantity in Input vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. | 6.5 |
| 2024-12-11 | CVE-2023-23472 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | 6.5 |