Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-06 | CVE-2024-49797 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM ApplinX 11.1.0: IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | network, high complexity, ibm, CWE-327, 5.9 |
| 2025-02-06 | CVE-2024-49798 | Information Exposure Through an Error Message vulnerability in IBM ApplinX 11.1.0: IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network, low complexity, ibm, CWE-209, 4.3 |
| 2025-02-06 | CVE-2024-49800 | Cleartext Storage of Sensitive Information vulnerability in IBM ApplinX 11.1.0: IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | network, low complexity, ibm, CWE-312, 6.5 |
| 2025-02-05 | CVE-2024-38317 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. | network, low complexity, CWE-79, 4.8 |
| 2025-02-05 | CVE-2024-38318 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. | network, low complexity, CWE-80, 4.8 |
| 2025-02-05 | CVE-2024-56470 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). | network, low complexity, CWE-918, 5.4 |
| 2025-02-05 | CVE-2024-56471 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). | network, low complexity, CWE-918, 5.4 |
| 2025-02-05 | CVE-2024-56472 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. | network, low complexity, CWE-79, 6.4 |
| 2025-02-05 | CVE-2024-56473 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. | network, low complexity, CWE-117, 5.3 |
| 2025-02-05 | CVE-2024-7595 | Unspecified vulnerability in IETF products: GRE and GRE6 protocols (RFC 2784) do not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface, which can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136. | network, high complexity, ietf, 6.5 |