
CVE-2023-43035 – IBM Sterling Control Center information disclosure
https://notcve.org/view.php?id=CVE-2023-43035
10 Apr 2025 — IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7230561 • CWE-525: Use of Web Browser Cache Containing Sensitive Information

CVE-2023-42007 – IBM Sterling Control Center cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42007
10 Apr 2025 — IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7230560 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35020 – IBM Sterling Control Center directory traversal
https://notcve.org/view.php?id=CVE-2023-35020
19 Jan 2024 — IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257874 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-0252
https://notcve.org/view.php?id=CVE-2016-0252
08 Jul 2016 — IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21985641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-0925
https://notcve.org/view.php?id=CVE-2014-0925
30 May 2014 — Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21673004

CVE-2013-2969
https://notcve.org/view.php?id=CVE-2013-2969
19 Jun 2013 — Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters. • http://www-01.ibm.com/support/docview.wss?uid=swg21640348 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2968
https://notcve.org/view.php?id=CVE-2013-2968
19 Jun 2013 — An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters. • http://www-01.ibm.com/support/docview.wss?uid=swg21640348 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer