Ibm: Security Vulnerabilities
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-01-12
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-01-12
IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-01-12
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-01-10
IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-09
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-01-09
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-01-08
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-07
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-01-07
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-07