
CVE-2024-52905 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-52905
10 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. • https://www.ibm.com/support/pages/node/7185264 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-47109 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2024-47109
10 Mar 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server, which could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7185259 • CWE-522: Insufficiently Protected Credentials •

CVE-2023-43052 – IBM Control Center external service interaction
https://notcve.org/view.php?id=CVE-2023-43052
07 Mar 2025 — IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. • https://www.ibm.com/support/pages/node/7185102 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities •

CVE-2023-35894 – IBM Control Center HOST header injection
https://notcve.org/view.php?id=CVE-2023-35894
07 Mar 2025 — IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. • https://www.ibm.com/support/pages/node/7185101 • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •

CVE-2025-0162 – IBM Aspera Shares XML external entity injection
https://notcve.org/view.php?id=CVE-2025-0162
07 Mar 2025 — IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7185096 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-51476 – IBM Concert Software information disclosure
https://notcve.org/view.php?id=CVE-2024-51476
06 Mar 2025 — IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. • https://www.ibm.com/support/pages/node/7184961 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVE-2024-41771 – IBM Engineering Requirements Management DOORS Next information disclosure
https://notcve.org/view.php?id=CVE-2024-41771
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. • https://www.ibm.com/support/pages/node/7184663 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-41770 – IBM Engineering Requirements Management DOORS Next information disclosure
https://notcve.org/view.php?id=CVE-2024-41770
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. • https://www.ibm.com/support/pages/node/7184663 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-43169 – IBM Engineering Requirements Management DOORS Next file download
https://notcve.org/view.php?id=CVE-2024-43169
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. • https://www.ibm.com/support/pages/node/7184506 • CWE-494: Download of Code Without Integrity Check •

CVE-2024-54179 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2024-54179
03 Mar 2025 — IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7184647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •