CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jan 2025 — IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.7.1, and 1.0.8 could allow a remote attacker to send specially crafted XML statements, which would allow the attacker to view or modify information in the XML document. • https://www.ibm.com/support/pages/node/7175791 • CWE-91: XML Injection (aka Blind XPath Injection) •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jan 2025 — IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. • https://www.ibm.com/support/pages/node/7174120 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •

CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. • https://www.ibm.com/support/pages/node/7177587 • CWE-602: Client-Side Enforcement of Server-Side Security •

CVSS: 6.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. • https://www.ibm.com/support/pages/node/7177586 • CWE-277: Insecure Inherited Permissions •

CVSS: 4.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jan 2025 — IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials. • https://www.ibm.com/support/pages/node/7175396 • CWE-1323: Improper Management of Sensitive Trace Data •

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jan 2025 — IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. • https://www.ibm.com/support/pages/node/7176043 • CWE-471: Modification of Assumed-Immutable Data (MAID) •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jan 2025 — IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7176515 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jan 2025 — IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7171873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jan 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. • https://www.ibm.com/support/pages/node/7179150 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. • https://www.ibm.com/support/pages/node/7180685 • CWE-780: Use of RSA Algorithm without OAEP •