CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38325 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-38325
27 Jan 2025 — IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7168640 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28766 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28766
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7161444 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28770 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28770
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28771 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28771
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24689 – WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-24689
27 Jan 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. ... The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.27.12. • https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 4.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38009 – IBM Cognos Analytics Mobile information disclosure
https://notcve.org/view.php?id=CVE-2023-38009
26 Jan 2025 — IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. • https://www.ibm.com/support/pages/node/7172691 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50946 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50946
26 Jan 2025 — IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. • https://www.ibm.com/support/pages/node/7161947 • CWE-863: Incorrect Authorization •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50945 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50945
26 Jan 2025 — IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. • https://www.ibm.com/support/pages/node/7161947 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31906 – IBM Automation Decision Services information disclosure
https://notcve.org/view.php?id=CVE-2024-31906
26 Jan 2025 — IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7150662 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35144 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-35144
25 Jan 2025 — IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7174953 • CWE-540: Inclusion of Sensitive Information in Source Code •