July 1, 2024
Severity
Medium
Analysis Summary
CVE-2024-35153 CVSS: 4.8
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. A privileged user can embed arbitrary JavaScript in the Web UI, altering its intended behaviour and potentially disclosing credentials within a trusted session.
CVE-2023-38368 CVSS: 6.2
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls.
CVE-2024-31881 CVSS: 6.5
IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 10.5, 11.1 and 11.5 are vulnerable to denial of service: an authenticated user can crash the server with a specially crafted query against certain columnar tables.
CVE-2023-30997 CVSS: 8.4
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls.
CVE-2023-42011 CVSS: 4.3
IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict, or incorrectly restricts, frame objects or UI layers belonging to another application or domain (the weakness behind clickjacking), which can leave users unsure which interface they are interacting with.
CVE-2023-42014 CVSS: 5.4
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. An authenticated user can embed arbitrary JavaScript in the Web UI, altering its intended behaviour and potentially disclosing credentials within a trusted session.
CVE-2023-38371 CVSS: 5.9
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information.
Impact
- Cross-Site Scripting
- Information Disclosure
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-35153
- CVE-2023-38368
- CVE-2024-31881
- CVE-2023-30997
- CVE-2023-42011
- CVE-2023-42014
- CVE-2023-38371
Affected Vendors
- IBM
Affected Products
- IBM WebSphere Application Server 8.5
- IBM WebSphere Application Server 9.0
- IBM Db2 for Linux, UNIX and Windows 10.5
- IBM Security Verify Access Docker 10.0.0.0
- IBM Security Verify Access Docker 10.0.7.1
- IBM Sterling B2B Integrator 6.0.0.0
- IBM Sterling B2B Integrator 6.1.0.3
- IBM Sterling B2B Integrator 6.2.0.0
- IBM Sterling B2B Integrator 6.2.0.2
- IBM Cloud APM 8.1.4
- IBM InfoSphere Master Data Management 11.6
- IBM InfoSphere Master Data Management 12.0
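The affected ranges above mix two notations, whole release trains ("8.5 and 9.0") and inclusive spans ("10.0.0.0 through 10.0.7.1"), and a common triage mistake is to compare version strings lexically, which places 10.0.10.0 before 10.0.7.1. The following is an added triage helper, not code from the advisory or from IBM, that encodes the ranges as listed on this page and matches them against an inventory using integer-tuple comparison. The inventory is constructed sample data, and treating "IBM Security Verify Access Docker" and "IBM Security Access Manager Docker" as one product is an assumption made here because the page lists the same 10.0.x image under both names.

```python
"""Added triage helper: map a software inventory to the IBM CVEs in this advisory.

The affected ranges are transcribed from the advisory text above.  Versions are
compared as integer tuples, because a plain string comparison would place
10.0.10.0 before 10.0.7.1 and wrongly flag it as affected.  The inventory at
the bottom is constructed sample data, not output from any real host.
"""
from __future__ import annotations

from dataclasses import dataclass


def parse_version(v: str) -> tuple[int, ...]:
    """'10.0.7.1' -> (10, 0, 7, 1); parsing stops at the first non-numeric
    component, so '11.5.8.0-fp1' -> (11, 5, 8, 0)."""
    parts: list[int] = []
    for component in v.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def _at(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    """Zero-pad or truncate v to n components so it is compared at the
    precision of the bound ('10.0' is treated as 10.0.0.0)."""
    return (v + (0,) * n)[:n]


@dataclass(frozen=True)
class Rule:
    product: str                         # canonical product name
    cve: str
    lo: tuple[int, ...] | None = None    # inclusive lower bound ("X through Y")
    hi: tuple[int, ...] | None = None    # inclusive upper bound
    trains: tuple[str, ...] = ()         # whole release trains ("8.5 and 9.0")

    def matches(self, version: str) -> bool:
        v = parse_version(version)
        if self.trains:
            return any(_at(v, len(t)) == t for t in map(parse_version, self.trains))
        if self.lo is not None and _at(v, len(self.lo)) < self.lo:
            return False
        if self.hi is not None and _at(v, len(self.hi)) > self.hi:
            return False
        return True


# One rule per CVE, taken from the advisory's "Analysis Summary".
ADVISORY_RULES = (
    Rule("IBM WebSphere Application Server", "CVE-2024-35153", trains=("8.5", "9.0")),
    Rule("IBM Security Access Manager Docker", "CVE-2023-38368", lo=(10, 0, 0, 0), hi=(10, 0, 7, 1)),
    Rule("IBM Security Access Manager Docker", "CVE-2023-30997", lo=(10, 0, 0, 0), hi=(10, 0, 7, 1)),
    Rule("IBM Security Access Manager Docker", "CVE-2023-38371", lo=(10, 0, 0, 0), hi=(10, 0, 7, 1)),
    Rule("IBM Db2", "CVE-2024-31881", trains=("10.5", "11.1", "11.5")),
    Rule("IBM Sterling B2B Integrator", "CVE-2023-42011", trains=("6.1", "6.2")),
    Rule("IBM Sterling B2B Integrator", "CVE-2023-42014", lo=(6, 0, 0, 0), hi=(6, 2, 0, 2)),
)

# The advisory lists the same 10.0.x Docker image under both names; assumed
# here to be one product (the inventory may use either name).
ALIASES = {"IBM Security Verify Access Docker": "IBM Security Access Manager Docker"}


def triage(inventory: list[tuple[str, str]]) -> dict[tuple[str, str], list[str]]:
    """Return {(product, version): [CVE, ...]} for every entry that matches a rule."""
    hits: dict[tuple[str, str], list[str]] = {}
    for product, version in inventory:
        name = ALIASES.get(product, product)
        cves = sorted(r.cve for r in ADVISORY_RULES if r.product == name and r.matches(version))
        if cves:
            hits[(product, version)] = cves
    return hits


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("IBM WebSphere Application Server", "9.0.5.17"),
    ("IBM Security Verify Access Docker", "10.0.7.1"),
    ("IBM Security Verify Access Docker", "10.0.10.0"),  # newer than 10.0.7.1
    ("IBM Db2", "11.5.8.0"),
    ("IBM Db2", "12.1.0.0"),
    ("IBM Sterling B2B Integrator", "6.2.0.2"),
    ("IBM Sterling B2B Integrator", "6.2.0.3"),
]

if __name__ == "__main__":
    for (product, version), cves in triage(SAMPLE_INVENTORY).items():
        print(f"{product} {version}: {', '.join(cves)}")
```

Train rules deliberately match every fix pack on the listed release (the page gives no fixed level for "8.5 and 9.0" or "6.1 and 6.2"), so a host on 6.2.0.3 is still flagged for CVE-2023-42011 while it drops out of the 6.0.0.0 through 6.2.0.2 span for CVE-2023-42014; confirm the fixed fix-pack level against the IBM advisory before closing such a finding.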
Remediation
Refer to the IBM Security Advisory for each affected product for patch, upgrade or workaround details. Within this set, CVE-2023-30997 (local root on IBM Security Access Manager Docker, CVSS 8.4) and CVE-2024-31881 (Db2 server crash triggered by an authenticated user) carry the highest impact and should be prioritized.