Ibm: Security Vulnerabilities
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Score
5.2
EPSS Score
0.0
Published
2024-12-19
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-18
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3
is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-12-18
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-12-18
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3
could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-12-18
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-12-18
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
stores user credentials in plain text which can be read by an authenticated user with access to the pod.
CVSS Score
5.7
EPSS Score
0.0
Published
2024-12-18
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-12-18
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-12-18
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1
could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-17