IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.
Max CVSS
5.4
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.
Max CVSS
6.2
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-14
Updated
2024-03-19
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-03-03
Updated
2024-03-04
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.
Max CVSS
6.5
EPSS Score
N/A
Published
2024-03-21
Updated
2024-03-21
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.
Max CVSS
5.1
EPSS Score
0.04%
Published
2024-02-17
Updated
2024-02-20
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.
Max CVSS
5.1
EPSS Score
0.04%
Published
2024-02-17
Updated
2024-02-20
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.
Max CVSS
5.1
EPSS Score
0.04%
Published
2024-02-17
Updated
2024-02-20
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-02-09
Updated
2024-02-16
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.
Max CVSS
6.2
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-13

CVE-2024-22318

Public exploit
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
Max CVSS
5.5
EPSS Score
0.06%
Published
2024-02-09
Updated
2024-02-16
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-10
Updated
2024-02-15
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-01-19
Updated
2024-01-24
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-01-17
Updated
2024-01-24
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
Max CVSS
5.4
EPSS Score
0.05%
Published
2024-02-04
Updated
2024-02-10
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.
Max CVSS
6.3
EPSS Score
0.04%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.
Max CVSS
6.5
EPSS Score
0.08%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.
Max CVSS
5.3
EPSS Score
0.06%
Published
2024-02-02
Updated
2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.
Max CVSS
5.3
EPSS Score
0.06%
Published
2024-02-02
Updated
2024-02-02
IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!