Analysis Summary

CVE-2024-43191 CVSS:7.2

IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.

CVE-2024-43177 CVSS:5.9

IBM Concert 1.0.0 and 1.0.1 could allow an attacker to perform unauthorized actions due to improper certificate validation.

CVE-2024-45073 CVSS:4.8

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2023-46175 CVSS:4.4

IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.

CVE-2024-31899 CVSS:4.3

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

Impact

• Gain Access
• Cross-Site Scripting
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2024-43191
• CVE-2024-43177
• CVE-2024-45073
• CVE-2023-46175
• CVE-2024-31899

Affected Vendors

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-43191

CVE-2024-43177

CVE-2024-45073

CVE-2023-46175

CVE-2024-31899