CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39752 – IBM Analytics Content Hub file upload
https://notcve.org/view.php?id=CVE-2024-39752
10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. • https://www.ibm.com/support/pages/node/7234122 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38327 – IBM Analytics Content Hub information disclosure
https://notcve.org/view.php?id=CVE-2024-38327
10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. • https://www.ibm.com/support/pages/node/7234122 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-36090 – IBM Analytics Content Hub information disclosure
https://notcve.org/view.php?id=CVE-2025-36090
10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. • https://www.ibm.com/support/pages/node/7234122 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-37524 – IBM Analytics Content Hub information disclosure
https://notcve.org/view.php?id=CVE-2024-37524
10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. • https://www.ibm.com/support/pages/node/7234122 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35134 – IBM Analytics Content Hub information disclosure
https://notcve.org/view.php?id=CVE-2024-35134
25 Jan 2025 — IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7172787 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39750 – IBM Analytics Content Hub buffer overflow
https://notcve.org/view.php?id=CVE-2024-39750
25 Jan 2025 — IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. • https://www.ibm.com/support/pages/node/7172787 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •