CVE-2023-50314 – IBM WebSphere Application Server Libery information disclosure
https://notcve.org/view.php?id=CVE-2023-50314
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274713 https://www.ibm.com/support/pages/node/7165502 • CWE-295: Improper Certificate Validation •
CVE-2024-27267 – IBM SDK, Java Technology Edition denial of service
https://notcve.org/view.php?id=CVE-2024-27267
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573. A flaw was found in IBM SDK, Java Technology Edition. A race condition in the management of ORB listener threads can cause a remote denial of service. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284573 https://www.ibm.com/support/pages/node/7165421 https://access.redhat.com/security/cve/CVE-2024-27267 https://bugzilla.redhat.com/show_bug.cgi?id=2304975 • CWE-300: Channel Accessible by Non-Endpoint •
CVE-2024-28799 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-28799
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287173 https://www.ibm.com/support/pages/node/7165488 • CWE-214: Invocation of Process Using Visible Sensitive Information •
CVE-2024-35124 – IBM OpenBMC authentication bypass
https://notcve.org/view.php?id=CVE-2024-35124
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674 https://www.ibm.com/support/pages/node/7163195 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-41774 – IBM Common Licensing cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41774
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. • https://exchange.xforce.ibmcloud.com/vulnerabilities/350348 https://www.ibm.com/support/pages/node/7165251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •