Multiple IBM Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-37395 CVSS:2.5

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

CVE-2024-35117 CVSS:4.4

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.

CVE-2024-47117 CVSS:5.4

IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Impact

Information Disclosure
Cross-site Scripting

Indicators of Compromise

CVE

CVE-2023-37395
CVE-2024-35117
CVE-2024-47117

Affected Vendors

Affected Products

IBM Aspera Faspex - 5.0.0
IBM OpenPages with Watson - 9.0
IBM Carbon Charts - 0.4.0

Remediation

Refer to IBM Website for patch, upgrade, or suggested workaround information.

CVE-2023-37395

CVE-2024-35117

CVE-2024-47117

Multiple Google Chrome Vulnerabilities

NVIDIA Alerts Users to Critical Vulnerabilities Enabling Malicious Code Execution

Multiple IBM Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan