Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-27 CVE-2024-37527 IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
5.4
2025-01-27 CVE-2024-38320 IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
high complexity
CWE-327
5.9
5.9
2025-01-27 CVE-2024-38325 IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel.
network
high complexity
CWE-311
5.9
5.9
2025-01-27 CVE-2025-24593 Cross-site Scripting vulnerability in Wisdmlabs Edwiser Bridge
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS.
network
low complexity
wisdmlabs CWE-79
6.1
6.1
2025-01-27 CVE-2025-24680 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS.
network
low complexity
CWE-79
6.1
6.1
2025-01-27 CVE-2025-24741 Open Redirect vulnerability in Logon KB Support
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support.
network
low complexity
logon CWE-601
6.1
6.1
2025-01-27 CVE-2024-12345 A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002.
local
low complexity
CWE-400
4.4
4.4
2025-01-27 CVE-2023-46187 IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting.
network
low complexity
CWE-79
5.4
5.4
2025-01-27 CVE-2024-28770 IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
CWE-614
4.8
4.8
2025-01-27 CVE-2024-28771 IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
CWE-614
4.8
4.8