CVE-2024-28772 – IBM Security Directory Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28772
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285645 https://www.ibm.com/support/pages/node/7161448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-32759 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-32759
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 https://www.ibm.com/support/pages/node/7161446 • CWE-613: Insufficient Session Expiration •
CVE-2024-37533 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-37533
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 https://www.ibm.com/support/pages/node/7159173 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2023-50304 – IBM Engineering Requirements Management DOORS XML external entity injection
https://notcve.org/view.php?id=CVE-2023-50304
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335. IBM Engineering Requisitos Management DOORS Web Access 9.7.2.8 es vulnerable a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273335 https://www.ibm.com/support/pages/node/7160471 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-28796
https://notcve.org/view.php?id=CVE-2024-28796
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833. IBM ClearQuest (CQ) 9.1 a 9.1.0.6 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/286833 https://www.ibm.com/support/pages/node/7160390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •