Ibm: Security Vulnerabilities
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
CVSS Score
4.9
EPSS Score
0.0
Published
2024-12-17
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-12-17
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-12-14
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1
contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-12-14
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-12
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-11
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
CVSS Score
3.1
EPSS Score
0.001
Published
2024-12-11
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
CVSS Score
2.5
EPSS Score
0.0
Published
2024-12-11
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-12-11
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
6.4
EPSS Score
0.0
Published
2024-12-07