
CVE-2024-45638 – IBM QRadar EDR information disclosure
https://notcve.org/view.php?id=CVE-2024-45638
14 Mar 2025 — IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. • https://www.ibm.com/support/pages/node/7185938 • CWE-256: Plaintext Storage of a Password •

CVE-2024-45643 – IBM QRadar EDR information disclosure
https://notcve.org/view.php?id=CVE-2024-45643
14 Mar 2025 — IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. • https://www.ibm.com/support/pages/node/7185938 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2025-2000 – Qiskit SDK code execution
https://notcve.org/view.php?id=CVE-2025-2000
14 Mar 2025 — A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload. • https://www.ibm.com/support/pages/node/7185949 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-52362 – IBM App Connect Enterprise Certified Container denial of service
https://notcve.org/view.php?id=CVE-2024-52362
12 Mar 2025 — IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. • https://www.ibm.com/support/pages/node/7185527 • CWE-1286: Improper Validation of Syntactic Correctness of Input •

CVE-2024-56338 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-56338
11 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7185265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-22340 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2024-22340
11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. • https://www.ibm.com/support/pages/node/7185282 • CWE-208: Observable Timing Discrepancy •

CVE-2024-41760 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2024-41760
11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. • https://www.ibm.com/support/pages/node/7185282 • CWE-203: Observable Discrepancy •

CVE-2024-49823 – IBM Common Cryptographic Architecture denial of service
https://notcve.org/view.php?id=CVE-2024-49823
11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests. • https://www.ibm.com/support/pages/node/7185282 • CWE-787: Out-of-bounds Write •

CVE-2024-52905 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-52905
10 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. • https://www.ibm.com/support/pages/node/7185264 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-47109 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2024-47109
10 Mar 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7185259 • CWE-522: Insufficiently Protected Credentials •