CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35124 – IBM OpenBMC authentication bypass
https://notcve.org/view.php?id=CVE-2024-35124
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674 https://www.ibm.com/support/pages/node/7163195 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41774 – IBM Common Licensing cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41774
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. • https://exchange.xforce.ibmcloud.com/vulnerabilities/350348 https://www.ibm.com/support/pages/node/7165251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40697 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297895 https://www.ibm.com/support/pages/node/7165250 • CWE-521: Weak Password Requirements •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38382 – IBM Cloud Pak for Security session fixation
https://notcve.org/view.php?id=CVE-2022-38382
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another user to obtain sensitive information. IBM X-Force ID: 233672. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233672 https://www.ibm.com/support/pages/node/7165286 • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39751 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-39751
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 • https://exchange.xforce.ibmcloud.com/vulnerabilities/297429 https://www.ibm.com/support/pages/node/7160580 • CWE-209: Generation of Error Message Containing Sensitive Information •