7586 results (0.007 seconds)

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

14 Mar 2025 — IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. • https://www.ibm.com/support/pages/node/7185938 • CWE-256: Plaintext Storage of a Password •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

14 Mar 2025 — IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. • https://www.ibm.com/support/pages/node/7185938 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

14 Mar 2025 — A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload. • https://www.ibm.com/support/pages/node/7185949 • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

12 Mar 2025 — IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. • https://www.ibm.com/support/pages/node/7185527 • CWE-1286: Improper Validation of Syntactic Correctness of Input •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

11 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7185265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. • https://www.ibm.com/support/pages/node/7185282 • CWE-208: Observable Timing Discrepancy •

CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0

11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. • https://www.ibm.com/support/pages/node/7185282 • CWE-203: Observable Discrepancy •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

11 Mar 2025 — IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests. • https://www.ibm.com/support/pages/node/7185282 • CWE-787: Out-of-bounds Write •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

10 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. • https://www.ibm.com/support/pages/node/7185264 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

10 Mar 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7185259 • CWE-522: Insufficiently Protected Credentials •