
CVE-2024-35113 – IBM Control Center information disclosure
https://notcve.org/view.php?id=CVE-2024-35113
25 Jan 2025 — IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. • https://www.ibm.com/support/pages/node/7174796 • CWE-548: Exposure of Information Through Directory Listing •

CVE-2024-35112 – IBM Control Center cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35112
25 Jan 2025 — IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174794 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2024-35111 – IBM Control Center information disclosure
https://notcve.org/view.php?id=CVE-2024-35111
25 Jan 2025 — IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174806 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-35122 – IBM i denial of service
https://notcve.org/view.php?id=CVE-2024-35122
24 Jan 2025 — IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. • https://www.ibm.com/support/pages/node/7178317 • CWE-284: Improper Access Control •

CVE-2024-45077 – IBM Maximo Asset Management file upload
https://notcve.org/view.php?id=CVE-2024-45077
24 Jan 2025 — IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated low-privileged user to upload restricted file types with the simple method of adding a dot to the end of the file name if Maximo is installed on a Windows operating system. • https://www.ibm.com/support/pages/node/7174819 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-40693 – IBM Planning Analytics file upload
https://notcve.org/view.php?id=CVE-2024-40693
24 Jan 2025 — IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, which can then be sent to victims for performing further attacks. • https://www.ibm.com/support/pages/node/7168387 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-25034 – IBM Planning Analytics file upload
https://notcve.org/view.php?id=CVE-2024-25034
24 Jan 2025 — IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. • https://www.ibm.com/support/pages/node/7168387 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-40706 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-40706
24 Jan 2025 — IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7169826 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-41757 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-41757
24 Jan 2025 — IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. • https://www.ibm.com/support/pages/node/7173596 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2024-41739 – IBM Cognos Dashboards on Cloud Pak for Data privilege escalation
https://notcve.org/view.php?id=CVE-2024-41739
24 Jan 2025 — IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion. • https://www.ibm.com/support/pages/node/7177766 • CWE-427: Uncontrolled Search Path Element •