cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-35114,https://securityvulnerability.io/vulnerability/CVE-2024-35114,Remote User Enumeration Vulnerability in IBM Control Center,"A vulnerability in IBM Control Center versions 6.2.1 and 6.3.1 permits a remote attacker to exploit discrepancies in login attempts, potentially allowing the enumeration of valid usernames. This weakness can lead to further attacks against the system, making it essential for organizations to implement security measures to mitigate the risk associated with unauthorized access.",IBM,Control Center,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T13:33:25.352Z,0
CVE-2024-35113,https://securityvulnerability.io/vulnerability/CVE-2024-35113,Directory Listing Exposure in IBM Control Center by IBM,"The vulnerability in IBM Control Center versions 6.2.1 and 6.3.1 could allow authenticated users to access sensitive information through unintended directory listings. This exposure can lead to the unauthorized disclosure of sensitive data, which may compromise the security of affected systems. Organizations utilizing these versions should assess their security posture and consider implementing mitigations as detailed in IBM's vendor advisory.",IBM,Control Center,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-25T13:32:39.872Z,0
CVE-2024-35112,https://securityvulnerability.io/vulnerability/CVE-2024-35112,Information Disclosure Vulnerability in IBM Control Center,"An information disclosure vulnerability exists in IBM Control Center versions 6.2.1 and 6.3.1, allowing remote attackers to gain access to sensitive information. This security flaw occurs when detailed technical error messages are generated and displayed in the browser, potentially providing attackers valuable insights that can be exploited for further attacks against the system.",IBM,Control Center,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-25T13:31:25.755Z,0
CVE-2024-35111,https://securityvulnerability.io/vulnerability/CVE-2024-35111,Information Disclosure Vulnerability in IBM Control Center,"An information disclosure vulnerability exists in IBM Control Center versions 6.2.1 and 6.3.1 that could allow a remote attacker to gain access to sensitive information. This occurs when the application returns detailed technical error messages in the browser, which may inadvertently expose data that can aid in subsequent attacks against the system. It's crucial for users to assess their current versions and apply necessary security measures to mitigate potential risks.",IBM,Control Center,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-25T13:29:55.296Z,0
CVE-2023-35020,https://securityvulnerability.io/vulnerability/CVE-2023-35020,IBM Sterling Control Center directory traversal,"IBM Sterling Control Center version 6.3.0 is susceptible to a directory traversal vulnerability, which enables remote attackers to manipulate URL requests by including 'dot dot' sequences. This exploitation could lead to unauthorized access to sensitive files within the system. Attackers sending specially crafted URL requests may gain visibility into arbitrary files, highlighting a significant security risk. Proper mitigation measures should be implemented to secure the affected systems against potential attacks. For further information, visit IBM's advisory page linked below.",IBM,Sterling Control Center,5.4,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2024-01-19T01:05:47.570Z,0
CVE-2021-20529,https://securityvulnerability.io/vulnerability/CVE-2021-20529,,IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.,IBM,Control Center,5.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2021-05-19T20:15:00.000Z,0
CVE-2021-20528,https://securityvulnerability.io/vulnerability/CVE-2021-20528,,IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198761.,IBM,Control Center,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-05-19T20:15:00.000Z,0
CVE-2017-1758,https://securityvulnerability.io/vulnerability/CVE-2017-1758,,"IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859.",IBM,"Control Center,Financial Transaction Manager,Transformation Extender Advanced",7.1,HIGH,0.0014799999771639705,false,,false,false,false,,,false,false,,2018-02-21T21:29:00.000Z,0
CVE-2016-0252,https://securityvulnerability.io/vulnerability/CVE-2016-0252,,IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.,IBM,Control Center,5.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2016-07-08T01:00:00.000Z,0
CVE-2014-0925,https://securityvulnerability.io/vulnerability/CVE-2014-0925,,Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.,IBM,Sterling Control Center,,,0.0006799999973736703,false,,false,false,false,,,false,false,,2014-05-30T21:00:00.000Z,0
CVE-2013-2969,https://securityvulnerability.io/vulnerability/CVE-2013-2969,,"Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.",IBM,Sterling Control Center,,,0.0006200000061653554,false,,false,false,false,,,false,false,,2013-06-19T14:00:00.000Z,0
CVE-2013-2968,https://securityvulnerability.io/vulnerability/CVE-2013-2968,,"An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.",IBM,Sterling Control Center,,,0.0011399999493733048,false,,false,false,false,,,false,false,,2013-06-19T14:00:00.000Z,0