CVSS: 4.3EPSS: %CPEs: 2EXPL: 0CVE-2025-1112 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2025-1112
09 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users. • https://www.ibm.com/support/pages/node/7239151 • CWE-282: Improper Ownership Management •
CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2025-2670 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2025-2670
09 Jul 2025 — IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state. • https://www.ibm.com/support/pages/node/7239153 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56468 – IBM InfoSphere Data Replication VSAM for z/OS Remote Source denial of service
https://notcve.org/view.php?id=CVE-2024-56468
08 Jul 2025 — IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service. • https://www.ibm.com/support/pages/node/7239221 • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27369 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2025-27369
08 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system. • https://www.ibm.com/support/pages/node/7239155 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49784 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2024-49784
08 Jul 2025 — IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data. • https://www.ibm.com/support/pages/node/7239145 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43039 – IBM OpenPages with Watson cross-site scripting
https://notcve.org/view.php?id=CVE-2023-43039
08 Jul 2025 — IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session • https://www.ibm.com/support/pages/node/7238923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2827 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2025-2827
08 Jul 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7239094 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2793 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-2793
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-3630 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-3630
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43190 – IBM Engineering Requirements Management DOORS weak authentication
https://notcve.org/view.php?id=CVE-2024-43190
07 Jul 2025 — IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques. IBM Engineering Requirements Management DOORS 9.7.2.9, bajo ciertas configuraciones, podría permitir que un atacante remoto obtenga instrucciones de restablecimiento de contraseña de un usuario legítimo utilizando técnicas de intermediario. • https://www.ibm.com/support/pages/node/7238992 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •