Severity
Medium
Analysis Summary
CVE-2024-28799 CVSS:5.1
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly during back-end commands which may result in the unexpected disclosure of this information.
CVE-2024-25024 CVSS:6.2
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user.
CVE-2023-50314 CVSS:5.3
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.
CVE-2024-27267 CVSS:5.9
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads.
CVE-2024-35152 CVSS:6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
CVE-2024-31882 CVSS:5.3
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
Impact
- Information Disclosure
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-28799
- CVE-2024-25024
- CVE-2023-50314
- CVE-2024-27267
- CVE-2024-35152
- CVE-2024-31882
Affected Vendors
- IBM
Affected Products
- IBM Java 8.0.5.6
- IBM DB2 for Linux
- IBM WebSphere Application Server Liberty 17.0.0.3
- IBM Cloud Pak for Security 1.10.0.0
- IBM Cloud Pak for Security 1.10.11.0
- IBM QRadar Suite Software 1.10.12.0
- IBM QRadar Suite Software 1.10.23.0
- IBM WebSphere Application Server Liberty 24.0.0.8
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.