cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45650,https://securityvulnerability.io/vulnerability/CVE-2024-45650,Denial of Service Vulnerability in IBM Security Verify Directory,"IBM Security Verify Directory versions 10.0 through 10.0.3 are susceptible to a denial of service vulnerability triggered by LDAP extended operations. This issue can be exploited by sending malicious requests, potentially causing service interruptions and impacting overall system availability. Organizations using this product should assess their exposure to this vulnerability and implement appropriate security measures.",IBM,Security Verify Directory,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-31T15:07:24.198Z,0
CVE-2024-39750,https://securityvulnerability.io/vulnerability/CVE-2024-39750,Buffer Overflow Vulnerability in IBM Analytics Content Hub,"A buffer overflow vulnerability exists in IBM Analytics Content Hub 2.0 due to improper return length checking. This flaw could allow a remote authenticated attacker to exploit the vulnerability, potentially leading to arbitrary code execution on the affected system or causing the server to become unresponsive. It is critical for users to apply the necessary patches to safeguard their systems from such threats.",IBM,Analytics Content Hub,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-25T14:04:41.115Z,0
CVE-2024-40693,https://securityvulnerability.io/vulnerability/CVE-2024-40693,File Upload Vulnerability in IBM Planning Analytics by IBM,"IBM Planning Analytics versions 2.0 and 2.1 are susceptible to a file upload vulnerability due to inadequate validation of uploaded file content. This security flaw enables attackers to upload malicious executable files through the web interface, potentially leading to unauthorized access or the execution of harmful actions within the system. Users should implement immediate measures to secure their installations and mitigate the risk of exploitation.",IBM,Planning Analytics Local,8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-24T15:26:27.144Z,0
CVE-2024-25034,https://securityvulnerability.io/vulnerability/CVE-2024-25034,Malicious File Upload Vulnerability in IBM Planning Analytics,"IBM Planning Analytics versions 2.0 and 2.1 are susceptible to a file upload vulnerability due to a lack of validation for file types during the File Manager T1 process. This security flaw enables attackers to upload malicious executable files, which can subsequently be sent to unsuspecting victims for executing further exploits, potentially compromising system integrity and user data.",IBM,Planning Analytics Local,8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-24T15:25:05.723Z,0
CVE-2024-41739,https://securityvulnerability.io/vulnerability/CVE-2024-41739,Remote Action Exploit in IBM Cognos Dashboards on Cloud Pak for Data,"A vulnerability exists in IBM Cognos Dashboards versions 4.0.7 and 5.0.0 hosted on Cloud Pak for Data, which could enable remote attackers to execute unauthorized actions. This security flaw arises from dependency confusion, potentially compromising the integrity and confidentiality of user data.",IBM,Cognos Dashboards On Cloud Pak For Data,8.8,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-24T13:37:20.678Z,0
CVE-2024-31903,https://securityvulnerability.io/vulnerability/CVE-2024-31903,Arbitrary Code Execution Vulnerability in IBM Sterling B2B Integrator,"A vulnerability exists in IBM Sterling B2B Integrator Standard Edition that allows an attacker within the local network to execute arbitrary code on the system. This is due to improper deserialization of untrusted data, which can lead to exploitation of the affected versions. Proper validation of data is critical to preventing such security risks.",IBM,Sterling B2b Integrator Standard Edition,8.8,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,false,,2025-01-22T16:08:02.810Z,0
CVE-2024-45647,https://securityvulnerability.io/vulnerability/CVE-2024-45647,Password Modification Vulnerability in IBM Security Verify Access,"A vulnerability exists in IBM Security Verify Access versions 10.0.0 through 10.0.8, including the Docker version. This flaw allows an unverified user to change the password of an expired user account without needing to know the original password, enabling unauthorized access to sensitive information and resources.",IBM,"Security Verify Access,Security Verify Access Docker",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-20T14:50:54.184Z,0
CVE-2024-41742,https://securityvulnerability.io/vulnerability/CVE-2024-41742,Denial of Service Vulnerability in IBM TXSeries for Multiplatforms,"IBM TXSeries for Multiplatforms 10.1 contains a vulnerability that could allow remote attackers to trigger a denial of service condition. The issue arises from the inadequate enforcement of timeout settings on individual read operations. By utilizing a slowloris-type attack, a malicious user could potentially exploit this flaw to disrupt service availability, leading to a severe impact on operations.",IBM,Txseries For Multiplatforms,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-19T15:03:26.761Z,0
CVE-2024-41743,https://securityvulnerability.io/vulnerability/CVE-2024-41743,Denial of Service Vulnerability in IBM TXSeries for Multiplatforms,"IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service attack due to improper allocation of resources, potentially allowing remote attackers to exploit persistent connections. This can lead to significant disruptions and service outages, highlighting the importance of prompt patching and mitigation strategies to safeguard operational continuity.",IBM,Txseries For Multiplatforms,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-19T15:02:53.897Z,0
CVE-2024-41783,https://securityvulnerability.io/vulnerability/CVE-2024-41783,Command Injection Vulnerability in IBM Sterling Secure Proxy,"The vulnerability in IBM Sterling Secure Proxy arises from improper validation of specific types of input, which could allow a privileged user to execute arbitrary commands on the underlying operating system. This flaw may lead to unauthorized access and manipulation of system resources, emphasizing the necessity for immediate technical interventions to mitigate exploitation risks.",IBM,Sterling Secure Proxy,9.1,CRITICAL,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-19T14:58:21.249Z,38
CVE-2024-38337,https://securityvulnerability.io/vulnerability/CVE-2024-38337,Unauthorized Access Vulnerability in IBM Sterling Secure Proxy,"IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 are affected by a vulnerability that allows unauthorized attackers to access or modify sensitive information. This stems from improper permission assignments, potentially exposing critical data to malicious actors. Organizations using these versions should evaluate their security posture and consider applying available updates to mitigate this risk.",IBM,Sterling Secure Proxy,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-19T14:56:18.995Z,0
CVE-2024-45662,https://securityvulnerability.io/vulnerability/CVE-2024-45662,Denial of Service Vulnerability in IBM Safer Payments,"IBM Safer Payments versions from 6.4.0.00 to 6.4.2.07, 6.5.0.00 to 6.5.0.05, and 6.6.0.00 to 6.6.0.03 are susceptible to a denial of service vulnerability. This flaw could be exploited by a remote attacker to disrupt service operations due to improper resource allocation within the application, potentially leading to a complete service denial. It’s essential for organizations utilizing these versions to assess their systems and implement necessary mitigations to safeguard against potential attacks.",IBM,Safer Payments,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-18T16:19:46.770Z,0
CVE-2024-47113,https://securityvulnerability.io/vulnerability/CVE-2024-47113,Remote Code Injection Vulnerability in IBM ICP - Voice Gateway,"The IBM ICP - Voice Gateway versions 1.0.2 through 1.0.8 contain a vulnerability that allows remote attackers to exploit specially crafted XML commands. This vulnerability can enable them to view or modify sensitive information contained in the XML documents, posing a significant risk to the confidentiality and integrity of the data processed by the gateway.",IBM,Voice Gateway,8.1,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-18T15:29:40.728Z,0
CVE-2024-41746,https://securityvulnerability.io/vulnerability/CVE-2024-41746,Stored Cross-Site Scripting Vulnerability in IBM CICS TX,"IBM CICS TX, specifically versions Advanced 10.1, 11.1, and Standard 11.1, exposes a security flaw that permits attackers to inject arbitrary JavaScript code into the Web UI. This stored cross-site scripting vulnerability could compromise user sessions, potentially leading to the unauthorized disclosure of user credentials by altering the application's intended functionality, creating a significant security risk for users.",IBM,"Cics Tx Advanced,Cics Tx Standard",7.2,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-16T17:13:53.888Z,0
CVE-2024-41787,https://securityvulnerability.io/vulnerability/CVE-2024-41787,Remote Code Execution Vulnerability in IBM Engineering Requirements Management DOORS,"A vulnerability in IBM Engineering Requirements Management DOORS versions 7.0.2 and 7.0.3 allows attackers to bypass security restrictions due to a race condition. An attacker can exploit this issue by sending a specially crafted request, potentially leading to remote code execution, compromising the integrity and confidentiality of the system.",IBM,Engineering Requirements Management Doors Next,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-10T13:18:51.866Z,146
CVE-2024-40702,https://securityvulnerability.io/vulnerability/CVE-2024-40702,Unauthorized Access Risk in IBM Cognos Controller and IBM Controller Products,"IBM Cognos Controller versions 11.0.0 through 11.0.1 and IBM Controller version 11.1.0 are susceptible to a vulnerability that could allow unauthorized users to obtain valid tokens, granting them access to protected resources. This flaw arises from improper validation of certificates, highlighting the need for rigorous security measures to prevent unauthorized resource access.",IBM,,8.2,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2024-41766,https://securityvulnerability.io/vulnerability/CVE-2024-41766,Denial of Service Vulnerability in IBM Engineering Lifecycle Optimization Products,"The vulnerability in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 involves the use of complex regular expressions that can be manipulated by remote attackers. Successfully exploiting this flaw could lead to a denial of service, negatively impacting the availability of the affected products and disrupting business continuity. Organizations utilizing these versions should take immediate steps to address this issue and enhance their security posture.",IBM,Engineering Lifecycle Optimization Publishing,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-04T14:37:08.203Z,0
CVE-2024-41767,https://securityvulnerability.io/vulnerability/CVE-2024-41767,SQL Injection Vulnerability in IBM Engineering Lifecycle Optimization - Publishing,"The SQL injection vulnerability in IBM Engineering Lifecycle Optimization - Publishing affects versions 7.0.2 and 7.0.3. This security issue arises when a remote attacker exploits weaknesses in the application by sending specially crafted SQL statements. By doing so, the attacker may gain unauthorized access to the back-end database, potentially allowing them to view, add, modify, or delete critical information. Organizations using these versions are advised to apply the latest security patches and adopt best practices to mitigate the risks associated with SQL injection attacks.",IBM,Engineering Lifecycle Optimization Publishing,7.3,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-04T14:27:46.134Z,0
CVE-2024-54181,https://securityvulnerability.io/vulnerability/CVE-2024-54181,Remote Code Execution Vulnerability in IBM WebSphere Automation,"IBM WebSphere Automation version 1.7.5 presents a significant security risk that enables a remote privileged user, granted access to the swagger UI, to execute arbitrary code. By utilizing specially crafted input, an attacker can exploit this vulnerability to gain control of the system, leading to potential data breaches or further compromise. Organizations using this version are advised to implement appropriate security measures and monitor for suspicious activities.",IBM,Websphere Automation,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2024-12-30T13:41:57.834Z,0
CVE-2024-39727,https://securityvulnerability.io/vulnerability/CVE-2024-39727,Web Link Vulnerability in IBM Engineering Insights Product Line,IBM Engineering Lifecycle Optimization - Engineering Insights versions 7.0.2 and 7.0.3 contain a significant vulnerability resulting from the use of web links with untrusted references to external sites. A remote attacker can exploit this issue to expose sensitive information or execute unauthorized actions through the victim's web browser. Organizations utilizing these affected versions should assess their security posture and take appropriate measures to mitigate potential risks.,IBM,Engineering Insights,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-12-25T13:59:06.713Z,0
CVE-2024-51466,https://securityvulnerability.io/vulnerability/CVE-2024-51466,Expression Language Injection Vulnerability in IBM Cognos Analytics,"CVE-2024-51466 identifies a critical Expression Language (EL) Injection vulnerability found in IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4. This vulnerability allows remote attackers to manipulate EL statements, potentially exposing sensitive information, monopolizing system memory resources, and leading to server crashes. Organizations using affected versions should prioritize updating their systems to mitigate these risks and protect against potential exploitation.",IBM,,9,CRITICAL,0.001290000043809414,false,,false,false,false,,,false,false,,2024-12-20T14:15:00.000Z,0
CVE-2024-40695,https://securityvulnerability.io/vulnerability/CVE-2024-40695,File Upload Vulnerability in IBM Cognos Analytics,"The vulnerability designated as CVE-2024-40695 affects specific versions of IBM Cognos Analytics, exposing the software to a significant security threat due to improper validation of uploaded files. From versions 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4, this flaw allows attackers to upload malicious executable files via the web interface. Such unregulated file uploads could lead to severe exploits, enabling cybercriminals to execute harmful actions on compromised systems, further endangering sensitive data and network integrity. Prompt remediation and strict upload validation protocols are essential to mitigate this risk. For more details on this vulnerability, please refer to the IBM support page.",IBM,,8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-20T14:15:00.000Z,0
CVE-2024-35141,https://securityvulnerability.io/vulnerability/CVE-2024-35141,Local Privilege Escalation Vulnerability in IBM Security Verify Access Docker,"CVE-2024-35141 is a local privilege escalation vulnerability found in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6. This vulnerability arises from inadequate execution permissions that may allow a local user to gain elevated privileges. This could potentially enable attackers to execute unauthorized actions on the system, posing significant security risks. It is crucial for organizations utilizing affected versions to implement the necessary patches and updates as recommended by IBM to mitigate this vulnerability. For more information, refer to the vendor advisory at IBM's support page.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T01:10:05.711Z,0
CVE-2024-49819,https://securityvulnerability.io/vulnerability/CVE-2024-49819,Sensitive Data Exposure in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49819 is a critical vulnerability found in specific versions of IBM Security Guardium Key Lifecycle Manager, namely 4.1, 4.1.1, 4.2.0, and 4.2.1. This vulnerability allows a remote attacker to intercept and retrieve sensitive information transmitted in cleartext over insecure communication channels. Unauthorized access to such data poses significant risks, including data breaches and unauthorized disclosure of sensitive corporate information. It is crucial for users of the affected products to apply necessary patches and security measures to mitigate potential threats. For detailed guidance, refer to IBM's support page.",IBM,Security Guardium Key Lifecycle Manager,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-31891,https://securityvulnerability.io/vulnerability/CVE-2024-31891,Local Privilege Escalation Vulnerability in IBM Storage Scale GUI,"CVE-2024-31891 is a critical local privilege escalation vulnerability found in IBM Storage Scale GUI versions 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1. This vulnerability allows a malicious actor with command line access to the 'scalemgmt' user to exploit the system and elevate their privileges to gain root access to the underlying operating system. If exploited, this vulnerability could lead to unauthorized actions and significant security risks for affected environments. It is crucial for users running these versions to apply security patches and ensure proper access controls are in place to mitigate risk.",IBM,Storage Scale,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-14T13:01:34.292Z,0