CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49785 – IBM watsonx.ai cross-site scripting
https://notcve.org/view.php?id=CVE-2024-49785
12 Jan 2025 — IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7180723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41787 – IBM Engineering Requirements Management DOORS Next code execution
https://notcve.org/view.php?id=CVE-2024-41787
10 Jan 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. • https://www.ibm.com/support/pages/node/7180636 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22491 – IBM App Connect Enterprise Certified Container denial of service
https://notcve.org/view.php?id=CVE-2022-22491
09 Jan 2025 — IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12... • https://www.ibm.com/support/pages/node/7180500 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43176 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-43176
09 Jan 2025 — IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. • https://www.ibm.com/support/pages/node/7174640 • CWE-276: Incorrect Default Permissions CWE-282: Improper Ownership Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40679 – IBM Db2 information disclosure
https://notcve.org/view.php?id=CVE-2024-40679
08 Jan 2025 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. • https://www.ibm.com/support/pages/node/7175957 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22363 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2022-22363
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7179163 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20455 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2021-20455
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7179163 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40702 – IBM Cognos Controller improper certificate validation
https://notcve.org/view.php?id=CVE-2024-40702
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. • https://www.ibm.com/support/pages/node/7179163 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28778 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-28778
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. • https://www.ibm.com/support/pages/node/7179163 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25037 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-25037
07 Jan 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. • https://www.ibm.com/support/pages/node/7179163 • CWE-209: Generation of Error Message Containing Sensitive Information •