CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49348 – IBM Cloud Pak for Business Automation incorrect privilege assignment
https://notcve.org/view.php?id=CVE-2024-49348
05 Feb 2025 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows re... • https://www.ibm.com/support/pages/node/7182403 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52365 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-52365
05 Feb 2025 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.... • https://www.ibm.com/support/pages/node/7182403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52364 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-52364
05 Feb 2025 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, ... • https://www.ibm.com/support/pages/node/7182403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49352 – IBM Cognos Anaytics XML external entity injection
https://notcve.org/view.php?id=CVE-2024-49352
05 Feb 2025 — IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7181480 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45657 – IBM Security Verify Access incorrect privilege assignment
https://notcve.org/view.php?id=CVE-2024-45657
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. • https://www.ibm.com/support/pages/node/7182386 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35138 – IBM Security Verify Access cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-35138
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7182386 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43187 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-43187
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. • https://www.ibm.com/support/pages/node/7182386 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45658 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-45658
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7182386 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40700 – IBM Security Verify Access cross-site scripting
https://notcve.org/view.php?id=CVE-2024-40700
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45659 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-45659
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7182386 • CWE-209: Generation of Error Message Containing Sensitive Information •