CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45670 – IBM Security SOAR weak password recovery mechanism
https://notcve.org/view.php?id=CVE-2024-45670
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. • https://www.ibm.com/support/pages/node/7172206 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38319 – IBM Security SOAR code execution
https://notcve.org/view.php?id=CVE-2024-38319
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. IBM Security SOAR 51.0.2.0 podría permitir que un usuario autenticado ejecute código malicioso cargado desde un script especialmente manipulado. ID de IBM X-Force: 294830. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294830 https://www.ibm.com/support/pages/node/7158261 • CWE-94: Improper Control of Generation of Code ('Code Injection') •