CVE-2024-40697 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2024-40697
IBM Common Licensing 9.0 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297895 https://www.ibm.com/support/pages/node/7165250 • CWE-521: Weak Password Requirements
CVE-2022-38382 – IBM Cloud Pak for Security session fixation
https://notcve.org/view.php?id=CVE-2022-38382
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 do not invalidate the session after logout, which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233672 https://www.ibm.com/support/pages/node/7165286 • CWE-613: Insufficient Session Expiration
CVE-2024-39751 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-39751
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297429 https://www.ibm.com/support/pages/node/7160580 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-33167 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 https://www.ibm.com/support/pages/node/7161469 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
CVE-2023-26288 – IBM Aspera Orchestrator session fixation
https://notcve.org/view.php?id=CVE-2023-26288
IBM Aspera Orchestrator 4.0.1 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248477 https://www.ibm.com/support/pages/node/7161538 • CWE-613: Insufficient Session Expiration