21
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.
New
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2024-35150
|
2025-01-26 00:15 |
2025-01-26 |
|
|
|
22
|
6.3 |
MEDIUM
Network
|
-
|
-
|
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker…
New
|
CWE-89
SQL Injection
|
CVE-2024-35148
|
2025-01-26 00:15 |
2025-01-26 |
|
|
23
|
6.1 |
MEDIUM
Network
|
-
|
-
|
IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI th…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-35145
|
2025-01-26 00:15 |
2025-01-26 |
|
|
24
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.
New
|
CWE-540
Inclusion of Sensitive Information in Source Code
|
CVE-2024-35144
|
2025-01-26 00:15 |
2025-01-26 |
|
|
|
25
|
8.8 |
HIGH
Network
|
-
|
-
|
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the syst…
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-39750
|
2025-01-25 23:15 |
2025-01-25 |
|
|
26
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furth…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-35134
|
2025-01-25 23:15 |
2025-01-25 |
|
|
|
27
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
New
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2024-35114
|
2025-01-25 23:15 |
2025-01-25 |
|
|
|
28
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
New
|
CWE-548
Exposure of Information Through Directory Listing
|
CVE-2024-35113
|
2025-01-25 23:15 |
2025-01-25 |
|
|
29
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used i…
New
|
CWE-80
Basic XSS
|
CVE-2024-35112
|
2025-01-25 23:15 |
2025-01-25 |
|
|
30
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in …
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-35111
|
2025-01-25 23:15 |
2025-01-25 |
|
|