
CVE-2025-0799 – IBM App Connect Enterprise Arbitrary File Write
https://notcve.org/view.php?id=CVE-2025-0799
06 Feb 2025 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories. • https://www.ibm.com/support/pages/node/7182418 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-51450 – IBM Security Verify Directory Command Execution
https://notcve.org/view.php?id=CVE-2024-51450
06 Feb 2025 — IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. • https://www.ibm.com/support/pages/node/7182558 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-49814 – IBM Security Verify Access Appliance Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-49814
06 Feb 2025 — IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. • https://www.ibm.com/support/pages/node/7182558 • CWE-250: Execution with Unnecessary Privileges •

CVE-2024-56473 – IBM Aspera Shares Data Manipulation
https://notcve.org/view.php?id=CVE-2024-56473
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. • https://www.ibm.com/support/pages/node/7182490 • CWE-117: Improper Output Neutralization for Logs •

CVE-2024-56472 – IBM Aspera Shares Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-56472
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56471 – IBM Aspera Shares Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-56471
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. • https://www.ibm.com/support/pages/node/7182490 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-56470 – IBM Aspera Shares Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-56470
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. • https://www.ibm.com/support/pages/node/7182490 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-38318 – IBM Aspera Shares HTML injection
https://notcve.org/view.php?id=CVE-2024-38318
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. • https://www.ibm.com/support/pages/node/7182490 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2024-38317 – IBM Aspera Shares Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-38317
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-38316 – IBM Aspera Shares Denial of Service
https://notcve.org/view.php?id=CVE-2024-38316
05 Feb 2025 — IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. • https://www.ibm.com/support/pages/node/7182490 • CWE-770: Allocation of Resources Without Limits or Throttling •