CVSS: 2.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Mar 2025 — IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation. • https://www.ibm.com/support/pages/node/7184429 • CWE-540: Inclusion of Sensitive Information in Source Code

CVSS: 2.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Mar 2025 — IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages. • https://www.ibm.com/support/pages/node/7184430 • CWE-215: Insertion of Sensitive Information Into Debugging Code

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Mar 2025 — IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7184423 • CWE-521: Weak Password Requirements

CVSS: 8.1 • EPSS: 0% • CPEs: 11 • EXPL: 0

28 Feb 2025 — IBM FlashSystem (IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service. • https://www.ibm.com/support/pages/node/7184182 • CWE-114: Process Control

CVSS: 9.4 • EPSS: 0% • CPEs: 11 • EXPL: 0

28 Feb 2025 — IBM FlashSystem (IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. • https://www.ibm.com/support/pages/node/7184182 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. • https://www.ibm.com/support/pages/node/7184453 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. • https://www.ibm.com/support/pages/node/7184453 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Feb 2025 — IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter. • https://github.com/MarioTesoro/CVE-2024-56340 • CWE-23: Relative Path Traversal

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Feb 2025 — IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7183676 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. • https://www.ibm.com/support/pages/node/7183372 • CWE-230: Improper Handling of Missing Values