CVE-2024-35133 – IBM Security Verify Access HTTP open redirect
https://notcve.org/view.php?id=CVE-2024-35133
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
• https://github.com/Ozozuz/Ozozuz-IBM-Security-Verify-CVE-2024-35133
• https://exchange.xforce.ibmcloud.com/vulnerabilities/291026
• https://www.ibm.com/support/pages/node/7166712
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-35118 – IBM MaaS360 information disclosure
https://notcve.org/view.php?id=CVE-2024-35118
IBM MaaS360 for Android 6.31 through 8.60 uses hard-coded credentials that can be obtained by a user with physical access to the device.
• https://www.ibm.com/support/pages/node/7166750
• https://exchange.xforce.ibmcloud.com/vulnerabilities/290341
• CWE-798: Use of Hard-coded Credentials
CVE-2023-47728 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2023-47728
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201.
• https://www.ibm.com/support/pages/node/7161427
• https://exchange.xforce.ibmcloud.com/vulnerabilities/272201
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-33162 – IBM Directory Server buffer overflow
https://notcve.org/view.php?id=CVE-2022-33162
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 228570.
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/228570
• https://www.ibm.com/support/pages/node/7161442
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-31905 – IBM QRadar Network Packet Capture information disclosure
https://notcve.org/view.php?id=CVE-2024-31905
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 289858.
• https://www.ibm.com/support/pages/node/7160961
• https://exchange.xforce.ibmcloud.com/vulnerabilities/289858
• CWE-311: Missing Encryption of Sensitive Data