
CVE-2023-43052 – IBM Control Center external service interaction
https://notcve.org/view.php?id=CVE-2023-43052
07 Mar 2025 — IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. • https://www.ibm.com/support/pages/node/7185102 • CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities •

CVE-2023-35894 – IBM Control Center HOST header injection
https://notcve.org/view.php?id=CVE-2023-35894
07 Mar 2025 — IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. • https://www.ibm.com/support/pages/node/7185101 • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •

CVE-2024-35114 – IBM Control Center information disclosure
https://notcve.org/view.php?id=CVE-2024-35114
25 Jan 2025 — IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. • https://www.ibm.com/support/pages/node/7174842 • CWE-204: Observable Response Discrepancy •

CVE-2024-35113 – IBM Control Center information disclosure
https://notcve.org/view.php?id=CVE-2024-35113
25 Jan 2025 — IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. • https://www.ibm.com/support/pages/node/7174796 • CWE-548: Exposure of Information Through Directory Listing •

CVE-2024-35112 – IBM Control Center cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35112
25 Jan 2025 — IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174794 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2024-35111 – IBM Control Center information disclosure
https://notcve.org/view.php?id=CVE-2024-35111
25 Jan 2025 — IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174806 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2023-35020 – IBM Sterling Control Center directory traversal
https://notcve.org/view.php?id=CVE-2023-35020
19 Jan 2024 — IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257874 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2021-20529
https://notcve.org/view.php?id=CVE-2021-20529
19 May 2021 — IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198763 •

CVE-2021-20528
https://notcve.org/view.php?id=CVE-2021-20528
19 May 2021 — IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198761. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-4072
https://notcve.org/view.php?id=CVE-2019-4072
09 May 2019 — IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064. • http://www.ibm.com/support/docview.wss?uid=ibm10873036 • CWE-613: Insufficient Session Expiration •