cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-54176,https://securityvulnerability.io/vulnerability/CVE-2024-54176,Missing Authorization in IBM DevOps Deploy and UrbanCode Deploy Products,"IBM DevOps Deploy versions 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2 contain a vulnerability that allows authenticated users to gain access to sensitive data belonging to other users. This issue arises from inadequate authorization checks for certain functions within the system. Organizations using these IBM products should take immediate action to secure their environments.",IBM,"Urbancode Deploy,Devops Deploy",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-08T16:15:40.041Z,0
CVE-2025-0158,https://securityvulnerability.io/vulnerability/CVE-2025-0158,Denial of Service Vulnerability in IBM EntireX 11.1,"IBM EntireX version 11.1 contains a vulnerability that could enable a local user to create a denial of service condition. This occurs due to an unhandled error, which hampers fault isolation within the system, potentially leading to disruptions in service and impaired functionality. Users should be aware of this issue to prevent exploitation and maintain system integrity.",IBM,Entirex,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-06T20:32:03.556Z,0
CVE-2024-56467,https://securityvulnerability.io/vulnerability/CVE-2024-56467,Local Information Disclosure in IBM EntireX 11.1,"IBM EntireX version 11.1 contains a vulnerability that may permit local users to access sensitive information unintentionally revealed by detailed technical error messages. This information leakage poses a risk for potential exploitation, as it can be utilized for subsequent attacks against the affected system. Organizations using this version of EntireX should implement measures to mitigate exposure and consider applying vendor-recommended updates.",IBM,Entirex,3.3,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-06T20:30:45.432Z,0
CVE-2024-54171,https://securityvulnerability.io/vulnerability/CVE-2024-54171,XML External Entity Injection Vulnerability in IBM EntireX 11.1,"IBM EntireX 11.1 is susceptible to an XML external entity injection attack when handling XML data. An authenticated attacker might exploit this vulnerability to gain access to sensitive information or deplete memory resources, posing significant risks to the system's integrity and availability.",IBM,Entirex,7.1,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-02-06T20:29:04.129Z,0
CVE-2024-52892,https://securityvulnerability.io/vulnerability/CVE-2024-52892,Cross-Site Scripting Vulnerability in IBM Jazz for Service Management,"IBM Jazz for Service Management versions 1.1.3 through 1.1.3.23 have a vulnerability allowing unauthenticated attackers to insert malicious JavaScript code into the Web UI. This code execution can manipulate the interface, potentially leading to the disclosure of sensitive user credentials during active sessions. Such vulnerabilities can significantly compromise user security and data integrity.",IBM,Jazz For Service Management,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-06T19:27:39.422Z,0
CVE-2025-0799,https://securityvulnerability.io/vulnerability/CVE-2025-0799,Improper Pathname Limitations in IBM App Connect Enterprise Affecting Multiple Versions,"A vulnerability in IBM App Connect Enterprise allows authenticated users to exploit incorrect pathname restrictions during the bar configuration deployment process. This flaw could enable such users to write to arbitrary files on the underlying system, potentially compromising the integrity and confidentiality of sensitive data. Ensuring proper security measures and updates are vital to mitigate this risk.",IBM,IBM App Connect Enterprise,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-06T00:24:40.878Z,0
CVE-2024-51450,https://securityvulnerability.io/vulnerability/CVE-2024-51450,Command Injection Vulnerability in IBM Security Verify Directory,"A command injection vulnerability exists in IBM Security Verify Directory versions 10.0.0 through 10.0.3. This vulnerability allows a remote authenticated attacker to send a specially crafted request that may enable unauthorized execution of arbitrary commands on the affected system, potentially compromising its integrity and confidentiality. Proper security measures should be considered to mitigate the risks associated with this vulnerability.",IBM,Security Verify Directory,9.1,CRITICAL,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-02-06T00:15:03.488Z,192
CVE-2024-49797,https://securityvulnerability.io/vulnerability/CVE-2024-49797,Information Disclosure Vulnerability in IBM ApplinX by IBM,"IBM ApplinX 11.1 has a vulnerability stemming from improper configuration of HTTP Strict Transport Security (HSTS). This oversight can allow remote attackers to exploit the system, potentially gaining access to sensitive information through man-in-the-middle techniques. Proper implementation of HSTS is essential to ensure the confidentiality and integrity of the data transmitted, as insufficient enforcement may expose users and their data to significant risks.",IBM,Applinx,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49796,https://securityvulnerability.io/vulnerability/CVE-2024-49796,Remote Clickjacking Vulnerability in IBM ApplinX 11.1,"IBM ApplinX 11.1 contains a vulnerability that allows remote attackers to hijack user click actions by tricking individuals into visiting a malicious website. This exploitation can lead to further attacks on affected users, compromising their online safety and security.",IBM,Applinx,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49800,https://securityvulnerability.io/vulnerability/CVE-2024-49800,Sensitive Information Exposure in IBM ApplinX 11.1,"IBM ApplinX 11.1 is affected by a vulnerability that allows authenticated users to access sensitive information stored in cleartext in memory. This exposure poses a risk as it can lead to unauthorized access to confidential data, which could be exploited for malicious purposes. Organizations using this version should take immediate action to mitigate the risk associated with this vulnerability to protect their sensitive data.",IBM,Applinx,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49798,https://securityvulnerability.io/vulnerability/CVE-2024-49798,Remote Information Disclosure in IBM ApplinX 11.1,"IBM ApplinX 11.1 contains a vulnerability that may permit a remote attacker to access sensitive information through detailed technical error messages displayed in the browser. This exposure of information can lead to more extensive attacks against the affected system, making it crucial for users to address this vulnerability promptly.",IBM,Applinx,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49795,https://securityvulnerability.io/vulnerability/CVE-2024-49795,Cross-Site Request Forgery Vulnerability in IBM ApplinX 11.1,"IBM ApplinX 11.1 is affected by a cross-site request forgery vulnerability that may allow attackers to execute unauthorized actions by sending crafted requests from a trusted user. This means that if an attacker manipulates a logged-in user's browser, they can force the user to perform actions without their consent, potentially compromising data integrity and user safety.",IBM,Applinx,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49794,https://securityvulnerability.io/vulnerability/CVE-2024-49794,Cross-Site Request Forgery in IBM ApplinX 11.1,"IBM ApplinX 11.1 is exposed to a cross-site request forgery vulnerability allowing attackers to potentially execute unauthorized actions by leveraging the trust established with authenticated users. As a result, visiting a malicious link could trigger detrimental actions on trusted accounts without user consent.",IBM,Applinx,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49793,https://securityvulnerability.io/vulnerability/CVE-2024-49793,Cross-Site Scripting Vulnerability in IBM ApplinX 11.1,IBM ApplinX version 11.1 is susceptible to a cross-site scripting vulnerability that enables authenticated users to inject arbitrary JavaScript code into the Web UI. This flaw can compromise the intended functionality of the application and potentially lead to the unauthorized disclosure of user credentials during a trusted session.,IBM,Applinx,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49792,https://securityvulnerability.io/vulnerability/CVE-2024-49792,Cross-Site Scripting Flaw in IBM ApplinX 11.1,"IBM ApplinX 11.1 contains a cross-site scripting vulnerability that can be exploited by an authenticated user. This flaw permits the injection of arbitrary JavaScript code into the Web UI, which may compromise the security of user credentials during trusted sessions. Attackers could manipulate the application’s intended behavior, leading to unauthorized access and potential data breaches. It is crucial for users and administrators to evaluate their security measures and update the application to mitigate the risks associated with this vulnerability.",IBM,Applinx,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49791,https://securityvulnerability.io/vulnerability/CVE-2024-49791,Cross-Site Scripting Vulnerability in IBM ApplinX 11.1,"IBM ApplinX 11.1 contains a cross-site scripting (XSS) vulnerability which allows an authenticated user to inject arbitrary JavaScript code into the web interface. This can compromise the intended functionality of the application, potentially resulting in unauthorized access to sensitive information, such as user credentials, during a trusted session.",IBM,Applinx,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-06T00:15:00.000Z,0
CVE-2024-49814,https://securityvulnerability.io/vulnerability/CVE-2024-49814,Privilege Escalation Vulnerability in IBM Security Verify Access Appliance,"A privilege escalation vulnerability exists in IBM Security Verify Access Appliance versions 10.0.0 through 10.0.3 that could potentially allow a locally authenticated user to gain elevated privileges. This issue arises due to instances where unnecessary privileges are granted during execution, creating an opportunity for malicious actors with access to the system to exploit this flaw and gain enhanced permissions that could compromise the integrity and security of the appliance.",IBM,Security Verify Access Appliance,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-06T00:10:32.792Z,0
CVE-2024-56473,https://securityvulnerability.io/vulnerability/CVE-2024-56473,IP Spoofing Vulnerability in IBM Aspera Shares Product,"IBM Aspera Shares versions 1.9.0 to 1.10.0 PL6 are susceptible to an IP spoofing vulnerability due to improper validation of 'Client-IP' headers. This flaw could enable attackers to forge their IP address in log files, complicating incident response and affecting the integrity of the logged data. Organizations using these versions should assess their exposure and implement recommended security practices to mitigate the risk.",IBM,Aspera Shares,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-05T23:15:00.000Z,0
CVE-2024-56472,https://securityvulnerability.io/vulnerability/CVE-2024-56472,Stored Cross-Site Scripting Flaw in IBM Aspera Shares Product,"IBM Aspera Shares versions 1.9.0 to 1.10.0 PL6 exhibit a vulnerability that allows authenticated users to inject arbitrary JavaScript into the Web UI. This dangerous flaw could allow attackers to manipulate the platform's normal operations, potentially leading to unauthorized access and the disclosure of sensitive information during an active session.",IBM,Aspera Shares,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-05T23:15:00.000Z,0
CVE-2024-56471,https://securityvulnerability.io/vulnerability/CVE-2024-56471,Server-Side Request Forgery in IBM Aspera Shares Affects Multiple Versions,"The IBM Aspera Shares product versions 1.9.0 through 1.10.0 PL6 are exposed to a server-side request forgery (SSRF) vulnerability. This issue allows an authenticated attacker to manipulate the server into sending unauthorized requests. By exploiting this vulnerability, attackers may achieve network enumeration, enabling them to discover sensitive information about the network configuration or initiate further attacks.",IBM,Aspera Shares,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-05T22:55:49.472Z,0
CVE-2024-56470,https://securityvulnerability.io/vulnerability/CVE-2024-56470,Server-Side Request Forgery Vulnerability in IBM Aspera Shares,"IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are susceptible to a server-side request forgery vulnerability. This issue could allow an authenticated attacker to send unauthorized requests from the server, which may lead to potential network enumeration and could facilitate additional malicious activities. Organizations using these affected versions are advised to take immediate action to mitigate the risks associated with this vulnerability.",IBM,Aspera Shares,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-05T22:53:15.182Z,0
CVE-2024-38318,https://securityvulnerability.io/vulnerability/CVE-2024-38318,HTML Injection Vulnerability in IBM Aspera Shares Product,"IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are susceptible to an HTML injection vulnerability. This allows a remote attacker to inject malicious HTML code, which, upon being viewed by a victim, executes within the web browser's security context of the affected site. The risk is significant, as this could lead to unauthorized actions or sensitive data being exposed to the attacker when users interact with crafted content.",IBM,Aspera Shares,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-05T22:49:18.237Z,0
CVE-2024-38317,https://securityvulnerability.io/vulnerability/CVE-2024-38317,Cross-Site Scripting in IBM Aspera Shares Affects User Security,"IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are susceptible to a cross-site scripting (XSS) vulnerability. This issue allows a privileged user to inject arbitrary JavaScript code into the Web UI. Such exploitation can modify the intended functionality of the application, potentially leading to the exposure of sensitive user credentials within a trusted session.",IBM,Aspera Shares,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-05T22:43:49.501Z,0
CVE-2024-38316,https://securityvulnerability.io/vulnerability/CVE-2024-38316,Email Flooding Vulnerability in IBM Aspera Shares,"IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are susceptible to an email flooding vulnerability due to inadequate rate limiting for authenticated user actions. This flaw allows an authenticated user to potentially overwhelm the email system by sending excessive emails, leading to a disruption of services and possible denial of access for legitimate users.",IBM,Aspera Shares,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-05T22:30:35.881Z,0
CVE-2024-49348,https://securityvulnerability.io/vulnerability/CVE-2024-49348,Access Control Vulnerability in IBM Cloud Pak for Business Automation,"An access control vulnerability in IBM Cloud Pak for Business Automation allows improperly restricted access to organizational data. Specifically, the reassignment of comment tasks through an API inadvertently enables access to user queries in contexts that should be limited, posing a risk for unauthorized data visibility.",IBM,Cloud Pak For Business Automation,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-05T11:30:05.572Z,0