
CVE-2024-28786 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2024-28786
27 Jan 2025 — IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. • https://www.ibm.com/support/pages/node/7173420 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-37526 – IBM Watson Query on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-37526
27 Jan 2025 — IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism. • https://www.ibm.com/support/pages/node/7173774 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-27256 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2024-27256
27 Jan 2025 — IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7157667 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2023-52292 – IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2023-52292
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7176079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-47159 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2023-47159
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. • https://www.ibm.com/support/pages/node/7176083 • CWE-204: Observable Response Discrepancy •

CVE-2024-22316 – IBM Sterling File Gateway improper access control
https://notcve.org/view.php?id=CVE-2024-22316
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. • https://www.ibm.com/support/pages/node/7176083 • CWE-284: Improper Access Control •

CVE-2024-37527 – IBM OpenPages with Watson cross-site scripting
https://notcve.org/view.php?id=CVE-2024-37527
27 Jan 2025 — IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7171880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-38320 – IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure
https://notcve.org/view.php?id=CVE-2024-38320
27 Jan 2025 — IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7173462 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-38325 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-38325
27 Jan 2025 — IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7168640 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2023-46187 – IBM InfoSphere Master Data Management cross-site scripting
https://notcve.org/view.php?id=CVE-2023-46187
27 Jan 2025 — IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7173892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •