CVE-2024-41745 – IBM CICS TX Standard cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41745
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41741 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174572 • CWE-208: Observable Timing Discrepancy •
CVE-2024-41738 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-41738
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. • https://www.ibm.com/support/pages/node/7174572 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVE-2024-45656 – IBM Flexible Service Processor hard coded credentials
https://notcve.org/view.php?id=CVE-2024-45656
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP. • https://www.ibm.com/support/pages/node/7174183 • CWE-798: Use of Hard-coded Credentials •
CVE-2024-49340 – IBM Watson Studio Local cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-49340
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/1144438 • CWE-352: Cross-Site Request Forgery (CSRF) •