November 8, 2024
Severity
Medium
Analysis Summary
CVE-2024-35146 (CVSS: 5.4)
IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE-2024-45086 (CVSS: 5.5)
IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) injection attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2024-41745 (CVSS: 6.1)
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE-2024-41741 (CVSS: 5.3)
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy, which could be used in further attacks against the system.
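The username-enumeration weakness behind CVE-2024-41741 is a timing discrepancy: a login path that returns early for unknown users does measurably less work than one that checks a real password. The following is an added illustration of that bug class, not code from IBM TXSeries or from this advisory: a constructed in-memory user store, a leaky login beside a uniform-work one, and helpers that count hash invocations and measure median latency so the difference can be seen directly.

```python
import hashlib
import hmac
import os
import statistics
import time

HASH_CALLS = 0  # counts password-hash invocations so the two paths can be compared


def _hash(password: str, salt: bytes) -> bytes:
    """Slow password hash (PBKDF2); the call counter is for demonstration only."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Dummy credential used so unknown users still cost one full hash computation.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("unused-dummy-password", _DUMMY_SALT)


def make_user_store(users: dict) -> dict:
    """Constructed sample store: username -> (salt, hash). Not a real product format."""
    return {name: (salt, _hash(pw, salt)) for name, pw in users.items()
            for salt in (os.urandom(16),)}


def login_leaky(store: dict, username: str, password: str) -> bool:
    # Vulnerable pattern: unknown users short-circuit before the expensive hash,
    # so response time reveals whether the username exists.
    if username not in store:
        return False
    salt, expected = store[username]
    return hmac.compare_digest(_hash(password, salt), expected)


def login_uniform(store: dict, username: str, password: str) -> bool:
    # Hardened pattern: always hash and compare (against a dummy record when the
    # user is unknown), then reject unknown users after the work is done.
    salt, expected = store.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    match = hmac.compare_digest(_hash(password, salt), expected)
    return match and username in store


def count_hash_calls(fn, store: dict, username: str, password: str) -> int:
    """Number of password-hash computations one login attempt performs."""
    global HASH_CALLS
    HASH_CALLS = 0
    fn(store, username, password)
    return HASH_CALLS


def median_login_time(fn, store: dict, username: str, password: str, rounds: int = 20) -> float:
    """Median wall-clock seconds per attempt; a detection-style measurement."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter()
        fn(store, username, password)
        samples.append(time.perf_counter() - t0)
    return statistics.median(samples)
```

Running `median_login_time` for a known and an unknown username shows the leaky version answering unknown users almost instantly while the uniform version takes roughly the same time for both.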
Impact
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-35146
- CVE-2024-45086
- CVE-2024-41745
- CVE-2024-41741
Affected Vendors
- IBM
Affected Products
- IBM WebSphere Application Server 8.5
- IBM WebSphere Application Server 9.0
- IBM CICS TX Standard 11.1
- IBM Maximo Application Suite 8.10.11
- IBM Maximo Application Suite 8.11.8
- IBM Maximo Application Suite 9.0.0
- IBM TXSeries for Multiplatforms 10.1
Remediation
Refer to the IBM security advisories for each CVE for patch, upgrade, or suggested workaround information.