CVE-2024-28799 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-28799
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 display sensitive data improperly to a local privileged user, in non-default configurations, during back-end commands, which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287173 https://www.ibm.com/support/pages/node/7165488 • CWE-214: Invocation of Process Using Visible Sensitive Information •
CVE-2024-35124 – IBM OpenBMC authentication bypass
https://notcve.org/view.php?id=CVE-2024-35124
A vulnerability in the combination of the default password and session management in OpenBMC FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 allows an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290674 https://www.ibm.com/support/pages/node/7163195 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-41774 – IBM Common Licensing cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41774
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. • https://exchange.xforce.ibmcloud.com/vulnerabilities/350348 https://www.ibm.com/support/pages/node/7165251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-40697 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2024-40697
IBM Common Licensing 9.0 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297895 https://www.ibm.com/support/pages/node/7165250 • CWE-521: Weak Password Requirements •
CVE-2022-38382 – IBM Cloud Pak for Security session fixation
https://notcve.org/view.php?id=CVE-2022-38382
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 do not invalidate the session after logout, which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233672 https://www.ibm.com/support/pages/node/7165286 • CWE-613: Insufficient Session Expiration •