Severity
Low
Analysis Summary
CVE-2024-55897 CVSS:1.4
IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVE-2024-55896 CVSS:2.7
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.
CVE-2024-52901 CVSS:3.6
IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or stop working due to improper input validation.
CVE-2024-52898 CVSS:3.6
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.
CVE-2024-52897 CVSS:3.6
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
CVE-2024-52896 CVSS:3.6
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
CVE-2024-52893 CVSS:1.4
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2024-52891 CVSS:2.5
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.
CVE-2024-52367 CVSS:1.4
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.
Impact
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
CVE-2024-55897
CVE-2024-55896
CVE-2024-52901
CVE-2024-52898
CVE-2024-52897
CVE-2024-52896
CVE-2024-52893
CVE-2024-52891
CVE-2024-52367
Affected Vendors
Affected Products
- IBM InfoSphere Information Server 11.7
- IBM MQ 9.2 LTS
- IBM Concert Software 1.0.0
- IBM PowerHA SystemMirror for i 7.4
- IBM PowerHA SystemMirror for i 7.5
- IBM Concert Software 9.3 LTS
- IBM Concert Software 9.3 CD
- IBM Concert Software 9.4 LTS
- IBM Concert Software 9.4
- IBM Concert Software 1.0.1
- IBM Concert Software 1.0.2.1
- IBM Concert Software 1.0.3
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

