May 3, 2024
Severity
Medium
Analysis Summary
CVE-2024-28775 (CVSS 4.4)
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session.
CVE-2024-28764 (CVSS 6.5)
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. Because the contents of CSV files are not properly validated, an attacker could execute arbitrary commands on the system.
CVE-2022-38386 (CVSS 5.9)
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute on sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques.
CVE-2024-25047 (CVSS 8.6)
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 are vulnerable to injection attacks in application logging because user-provided data is not sanitized. This could lead to further attacks against the system.
CVE-2023-47727 (CVSS 4.3)
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation.
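The CSV injection issue in CVE-2024-28764 above comes down to cells that a spreadsheet will evaluate as formulas. The following Python is an added example, not IBM's code and not part of the advisory: it flags such cells when validating an imported CSV and neutralizes them on export so they are displayed as text. The sample CSV and the trigger list are constructed for the example.

```python
import csv
import io

# Leading characters that common spreadsheet applications treat as the start of a
# formula. A CSV cell beginning with one of these is evaluated, not displayed, when
# the file is opened in such an application.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample: an imported CSV in which one cell begins with a formula trigger.
SAMPLE_CSV = (
    "name,note\n"
    "alice,quarterly review\n"
    "bob,=SUM(A1:A2)\n"
)


def find_formula_cells(csv_text):
    """Validate imported CSV content: return (row, col, value) for every cell that a
    spreadsheet would interpret as a formula. An empty list means the file is clean."""
    flagged = []
    for row_idx, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for col_idx, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                flagged.append((row_idx, col_idx, cell))
    return flagged


def neutralize_cell(value):
    """Prepare one value for export. Typed numbers pass through unchanged (a negative
    number is data, not a formula); strings that begin with a formula trigger get a
    leading single quote, which spreadsheets read as "treat this cell as text"."""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    text = str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_rows(rows):
    """Write rows as CSV text with every field quoted. csv.writer doubles embedded
    double quotes, so a crafted quote sequence cannot close the field early and
    shed the neutralizing prefix."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


if __name__ == "__main__":
    print(find_formula_cells(SAMPLE_CSV))
    print(export_rows([["bob", "=SUM(A1:A2)", -5]]))
```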
Impact
- Cross-Site Scripting
- Data Manipulation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-28775
- CVE-2024-28764
- CVE-2022-38386
- CVE-2024-25047
- CVE-2023-47727
Affected Vendors
- IBM
Affected Products
- IBM Cognos Analytics 11.2.1
- IBM Cloud Pak for Security 1.10.0.0
- IBM Cloud Pak for Security 1.10.11.0
- IBM QRadar Suite Software 1.10.12.0
- IBM Cognos Analytics 11.2.4
- IBM Cognos Analytics 12.0.0
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.