Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-19 CVE-2021-20553 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2024-12-19 CVE-2021-29827 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim.
low complexity
ibm CWE-1021
5.2
2024-12-18 CVE-2024-25042 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS).
network
low complexity
ibm CWE-79
6.1
2024-12-18 CVE-2024-41752 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
2024-12-18 CVE-2024-45082 Open Redirect vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
low complexity
ibm CWE-601
5.2
2024-12-17 CVE-2024-49816 Information Exposure Through Log Files vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
local
low complexity
ibm CWE-532
4.4
2024-12-17 CVE-2024-49817 Insufficiently Protected Credentials vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
local
low complexity
ibm CWE-522
4.4
2024-12-17 CVE-2024-49818 Information Exposure Through an Error Message vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2024-12-12 CVE-2024-52901 Improper Validation of Specified Quantity in Input vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
network
low complexity
ibm CWE-1284
6.5
2024-12-11 CVE-2023-23472 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm CWE-497
6.5