

IBM Sterling Secure Proxy Vulnerabilities Expose Systems to High-Risk Exploits
January 21, 2025
Severity
Medium
Analysis Summary
CVE-2024-49819 CVSS: 4.1
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2024-49340 CVSS: 4.3
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-52360 CVSS: 4.7
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2024-52899 CVSS: 6
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.
CVE-2024-54181 CVSS: 5.9
IBM WebSphere Automation 1.7.5 could allow a remote privileged user who has authorized access to the Swagger UI to execute arbitrary code on the system by supplying specially crafted input.
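CVE-2024-52899 above is a JDBC URL parameter injection: a request-controlled value ends up inside a connection URL and adds driver properties the application never intended to set. The following Python example, added here and not part of the advisory or of any IBM product, shows the defensive pattern for that bug class: parse the URL, enforce an allowlist of connection properties, and build URLs only from trusted parts with the request-influenced field percent-encoded. The allowlist, host name and property names are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, quote, unquote

# Constructed allowlist: the connection properties this application itself may set.
ALLOWED_PROPERTIES = {"user", "sslMode", "connectTimeout"}

class UnsafeJdbcUrl(ValueError):
    """Raised when a JDBC URL is malformed or carries properties outside the allowlist."""

def parse_jdbc_url(url):
    """Split jdbc:<subprotocol>://host[:port]/db[;k=v][?k=v&k=v] into
    (subprotocol, netloc, database, properties)."""
    if not url.startswith("jdbc:"):
        raise UnsafeJdbcUrl("not a JDBC URL")
    parts = urlsplit(url[len("jdbc:"):])
    if not parts.scheme or not parts.netloc:
        raise UnsafeJdbcUrl("missing subprotocol or host")
    # Some drivers accept ';key=value' after the database name as well as a
    # '?' query string; fold both forms into one property list before checking.
    database, _, path_props = parts.path.lstrip("/").partition(";")
    pieces = (path_props.replace(";", "&"), parts.query.replace(";", "&"))
    props = dict(parse_qsl("&".join(p for p in pieces if p), keep_blank_values=True))
    return parts.scheme, parts.netloc, unquote(database), props

def check_properties(props):
    """Reject any connection property the application did not intend to set."""
    unknown = sorted(set(props) - ALLOWED_PROPERTIES)
    if unknown:
        raise UnsafeJdbcUrl("disallowed JDBC properties: " + ", ".join(unknown))
    return True

def build_jdbc_url(subprotocol, host, port, database, props):
    """Assemble a URL from trusted parts. The database name, the only field a
    request may influence, is percent-encoded so it cannot carry '?', '&', ';'
    or '=' and therefore cannot smuggle properties of its own."""
    check_properties(props)
    return "jdbc:%s://%s:%d/%s?%s" % (
        subprotocol, host, port, quote(database, safe=""), urlencode(props))

def is_safe_jdbc_url(url):
    """True if the URL parses and every property it carries is on the allowlist."""
    try:
        return check_properties(parse_jdbc_url(url)[3])
    except UnsafeJdbcUrl:
        return False

if __name__ == "__main__":
    # Constructed request value that tries to append a property via the database name.
    tainted = "orders?extraProperty=1"
    print(is_safe_jdbc_url("jdbc:mysql://db.example.internal:3306/" + tainted + "&user=app"))  # False
    print(is_safe_jdbc_url(build_jdbc_url("mysql", "db.example.internal", 3306, tainted, {"user": "app"})))  # True
```

Naive string concatenation of the tainted value fails the allowlist check, while the same value routed through build_jdbc_url is encoded into the database name and adds no properties.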
Impact
- Information Disclosure
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2024-49819
CVE-2024-49340
CVE-2024-52360
CVE-2024-52899
CVE-2024-54181
Affected Vendors
- IBM
Affected Products
- IBM Watson Studio Local 1.2.3
- IBM Data Virtualization Manager for z/OS 1.1 and 1.2
- IBM WebSphere Automation 1.7.5
- IBM Security Guardium Key Lifecycle Manager 4.1
- IBM Security Guardium Key Lifecycle Manager 4.1.1
- IBM Security Guardium Key Lifecycle Manager 4.2.0
- IBM Security Guardium Key Lifecycle Manager 4.2.1
- IBM Concert Software 1.0.0
- IBM Concert Software 1.0.1
- IBM Concert Software 1.0.2
- IBM Concert Software 1.0.2.1
Remediation
Refer to the IBM Security Bulletins for the affected products for patch, upgrade, or suggested workaround information.