CVE-2024-41774 – IBM Common Licensing cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41774
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. • https://exchange.xforce.ibmcloud.com/vulnerabilities/350348 https://www.ibm.com/support/pages/node/7165251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-40697 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297895 https://www.ibm.com/support/pages/node/7165250 • CWE-521: Weak Password Requirements •
CVE-2023-50306 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50306
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. IBM Common Licensing 9.0 podría permitir a un usuario local enumerar nombres de usuario debido a una discrepancia de respuesta observable. ID de IBM X-Force: 273337. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273337 https://www.ibm.com/support/pages/node/7120660 • CWE-204: Observable Response Discrepancy •