CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28766 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28766
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7161444 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28770 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28770
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28771 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28771
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38009 – IBM Cognos Analytics Mobile information disclosure
https://notcve.org/view.php?id=CVE-2023-38009
26 Jan 2025 — IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. • https://www.ibm.com/support/pages/node/7172691 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50946 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50946
26 Jan 2025 — IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. • https://www.ibm.com/support/pages/node/7161947 • CWE-863: Incorrect Authorization •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50945 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50945
26 Jan 2025 — IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. • https://www.ibm.com/support/pages/node/7161947 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31906 – IBM Automation Decision Services information disclosure
https://notcve.org/view.php?id=CVE-2024-31906
26 Jan 2025 — IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7150662 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35150 – IBM Maximo Application Suite log manipulation
https://notcve.org/view.php?id=CVE-2024-35150
25 Jan 2025 — IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. • https://www.ibm.com/support/pages/node/7180057 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35148 – IBM Maximo Application Suite SQL injection
https://notcve.org/view.php?id=CVE-2024-35148
25 Jan 2025 — IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7174952 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35144 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-35144
25 Jan 2025 — IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7174953 • CWE-540: Inclusion of Sensitive Information in Source Code •