
CVE-2024-45672 – IBM Security Verify Bridge data manipulation
https://notcve.org/view.php?id=CVE-2024-45672
23 Jan 2025 — IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent, which could also cause a denial of service. • https://www.ibm.com/support/pages/node/7181370 • CWE-471: Modification of Assumed-Immutable Data (MAID) •

CVE-2025-23227 – IBM Tivoli Application Dependency Discovery Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2025-23227
23 Jan 2025 — IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7181334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-50309 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50309
23 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7176082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-32340 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2023-32340
23 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7176082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51457 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2024-51457
22 Jan 2025 — IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7181230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-31903 – IBM Sterling B2B Integrator Standard Edition code execution
https://notcve.org/view.php?id=CVE-2024-31903
22 Jan 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allows an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. • https://github.com/WithSecureLabs/ibm-sterling-b2b-integrator-poc • CWE-502: Deserialization of Untrusted Data •

CVE-2024-45091 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2024-45091
21 Jan 2025 — IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. • https://www.ibm.com/support/pages/node/7177857 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-22349 – IBM UrbanCode Velocity information disclosure
https://notcve.org/view.php?id=CVE-2024-22349
20 Jan 2025 — IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 allow web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7172750 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •

CVE-2024-22347 – IBM UrbanCode Velocity information disclosure
https://notcve.org/view.php?id=CVE-2024-22347
20 Jan 2025 — IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7172750 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-22348 – IBM UrbanCode Velocity cross-origin resource sharing
https://notcve.org/view.php?id=CVE-2024-22348
20 Jan 2025 — IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 use Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. • https://www.ibm.com/support/pages/node/7172750 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •