CVSS: 5.9EPSS: %CPEs: 5EXPL: 0CVE-2024-27256 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2024-27256
27 Jan 2025 — IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7157667 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: %CPEs: 2EXPL: 0CVE-2023-47159 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2023-47159
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. • https://www.ibm.com/support/pages/node/7176083 • CWE-204: Observable Response Discrepancy •
CVSS: 5.9EPSS: %CPEs: 2EXPL: 0CVE-2024-38320 – IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure
https://notcve.org/view.php?id=CVE-2024-38320
27 Jan 2025 — IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7173462 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: %CPEs: 1EXPL: 0CVE-2024-38325 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-38325
27 Jan 2025 — IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7168640 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.9EPSS: %CPEs: -EXPL: 0CVE-2025-24689 – WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-24689
27 Jan 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. • https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability? • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28766 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28766
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7161444 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28770 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28770
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28771 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28771
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38009 – IBM Cognos Analytics Mobile information disclosure
https://notcve.org/view.php?id=CVE-2023-38009
26 Jan 2025 — IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. • https://www.ibm.com/support/pages/node/7172691 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50946 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50946
26 Jan 2025 — IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. • https://www.ibm.com/support/pages/node/7161947 • CWE-863: Incorrect Authorization •