
CVE-2024-28780 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-28780
19 Feb 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7183597 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2024-45081 – IBM Cognos Controller incorrect authorization
https://notcve.org/view.php?id=CVE-2024-45081
19 Feb 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks. • https://www.ibm.com/support/pages/node/7183597 • CWE-863: Incorrect Authorization

CVE-2024-45084 – IBM Cognos Controller CSV injection
https://notcve.org/view.php?id=CVE-2024-45084
19 Feb 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents. • https://www.ibm.com/support/pages/node/7183597 • CWE-502: Deserialization of Untrusted Data

CVE-2024-52902 – IBM Cognos Controller information disclosure
https://notcve.org/view.php?id=CVE-2024-52902
19 Feb 2025 — IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard-coded database passwords in source code which could be used for unauthorized access to the system. • https://www.ibm.com/support/pages/node/7183597 • CWE-798: Use of Hard-coded Credentials

CVE-2024-56463 – IBM QRadar SIEM cross-site scripting
https://notcve.org/view.php?id=CVE-2024-56463
14 Feb 2025 — IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7183251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-56477 – IBM Power Hardware Management Console directory traversal
https://notcve.org/view.php?id=CVE-2024-56477
14 Feb 2025 — IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7183224 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-52895 – IBM i denial of service
https://notcve.org/view.php?id=CVE-2024-52895
14 Feb 2025 — IBM i 7.4 and 7.5 are vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files, resulting in incorrect behavior of software products that rely upon the database. • https://www.ibm.com/support/pages/node/7183052 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVE-2024-55904 – IBM DevOps Deploy / IBM UrbanCode Deploy command injection
https://notcve.org/view.php?id=CVE-2024-55904
14 Feb 2025 — IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. • https://www.ibm.com/support/pages/node/7182841 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-54176 – IBM UrbanCode Deploy missing authentication
https://notcve.org/view.php?id=CVE-2024-54176
08 Feb 2025 — IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. • https://www.ibm.com/support/pages/node/7182840 • CWE-306: Missing Authentication for Critical Function

CVE-2024-52892 – IBM Jazz for Service Management Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-52892
06 Feb 2025 — IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')