Page 7 of 7184 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274713 https://www.ibm.com/support/pages/node/7165502 • CWE-295: Improper Certificate Validation •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573. A flaw was found in IBM SDK, Java Technology Edition. A race condition in the management of ORB listener threads can cause a remote denial of service. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284573 https://www.ibm.com/support/pages/node/7165421 https://access.redhat.com/security/cve/CVE-2024-27267 https://bugzilla.redhat.com/show_bug.cgi?id=2304975 • CWE-300: Channel Accessible by Non-Endpoint •

CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287173 https://www.ibm.com/support/pages/node/7165488 • CWE-214: Invocation of Process Using Visible Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674 https://www.ibm.com/support/pages/node/7163195 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. • https://exchange.xforce.ibmcloud.com/vulnerabilities/350348 https://www.ibm.com/support/pages/node/7165251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •