CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45098 – IBM Aspera Faspex bypass security
https://notcve.org/view.php?id=CVE-2024-45098
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45074 – IBM webMethods Integration directory traversal
https://notcve.org/view.php?id=CVE-2024-45074
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7167245 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45075 – IBM webMethods Integration privilege escalation
https://notcve.org/view.php?id=CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. • https://www.ibm.com/support/pages/node/7167245 • CWE-308: Use of Single-factor Authentication •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45076 – IBM webMethods Integration code execution
https://notcve.org/view.php?id=CVE-2024-45076
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. • https://www.ibm.com/support/pages/node/7167245 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-35133 – IBM Security Verify Access HTTP open redirect
https://notcve.org/view.php?id=CVE-2024-35133
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. • https://github.com/Ozozuz/Ozozuz-IBM-Security-Verify-CVE-2024-35133 https://exchange.xforce.ibmcloud.com/vulnerabilities/291026 https://www.ibm.com/support/pages/node/7166712 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •