CVE-2024-45642 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2024-45642
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7172212 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains
CVE-2024-45099 – IBM Security ReaQta cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45099
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7172212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-45670 – IBM Security SOAR weak password recovery mechanism
https://notcve.org/view.php?id=CVE-2024-45670
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. • https://www.ibm.com/support/pages/node/7172206 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CVE-2024-45088 – IBM Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45088
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41744 – IBM CICS TX Standard cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-41744
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7174576 • CWE-352: Cross-Site Request Forgery (CSRF)