CVE-2024-25031 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-25031
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.4 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante en la red utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 281678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281678 https://www.ibm.com/support/pages/node/7158446 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2024-35156 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-35156
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. IBM MQ 9.3 LTS y 9.3 CD podrían permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 https://www.ibm.com/support/pages/node/7158058 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-35155 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2024-35155
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. IBM MQ Console 9.3 LTS y 9.3 CD podrían revelar que podrían permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292765 https://www.ibm.com/support/pages/node/7158059 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-35139 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2024-35139
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podría permitir que un usuario local obtenga información confidencial del contenedor debido a permisos predeterminados incorrectos. ID de IBM X-Force: 292415. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292415 https://www.ibm.com/support/pages/node/7158790 • CWE-276: Incorrect Default Permissions •
CVE-2024-35137 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2024-35137
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413. IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podría permitir que un usuario local posiblemente eleve sus privilegios debido a la exposición de información de configuración confidencial. ID de IBM X-Force: 292413. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292413 https://www.ibm.com/support/pages/node/7158790 • CWE-258: Empty Password in Configuration File •