Severity
Medium
Analysis Summary
CVE-2024-28797 CVSS:6.4
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE-2024-31898 CVSS:5.4
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
CVE-2023-35022 CVSS:4.0
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access.
CVE-2024-31902 CVSS:4.3
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-28795 CVSS:5.4
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-35119 CVSS:5.3
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
CVE-2023-50954 CVSS:4.3
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system.
CVE-2024-28794 CVSS:5.4
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-50952 CVSS:5.4
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-28798 CVSS:7.2
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-50953 CVSS:4.3
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2023-50964 CVSS:5.4
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-31912 CVSS:7.5
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment.
CVE-2022-38383 CVSS:4.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allow web pages to be stored locally, which can be read by another user on the system.
Impact
- Cross-Site Scripting
- Data Manipulation
- Gain Access
- Information Disclosure
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-28797
- CVE-2024-31898
- CVE-2023-35022
- CVE-2024-31902
- CVE-2024-28795
- CVE-2024-35119
- CVE-2023-50954
- CVE-2024-28794
- CVE-2023-50952
- CVE-2024-28798
- CVE-2023-50953
- CVE-2023-50964
- CVE-2024-31912
- CVE-2022-38383
Affected Vendors
- IBM
Affected Products
- IBM InfoSphere Information Server 11.7
- IBM Cloud Pak for Security 1.10.0.0
- IBM MQ 9.3 LTS
- IBM MQ 9.3 CD
- IBM Cloud Pak for Security 1.10.11.0
- IBM QRadar Suite Software 1.10.12.0
- IBM QRadar Suite Software 1.10.21.0
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.