

Multiple GitHUB Products Vulnerabilities
February 4, 2025
Multiple Intel Products Vulnerabilities
February 4, 2025
Severity
Medium
Analysis Summary
CVE-2024-35160 CVSS:4.3
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
CVE-2024-41781 CVSS:5.1
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10) functionality can be compromised if an attacker gains service access to the HMC. An attacker who gains service access to the HMC can locate and, through a series of service procedures, decrypt data contained in the Platform KeyStore.
CVE-2024-37070 CVSS:4.3
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
CVE-2024-41744 CVSS:6.5
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-45642 CVSS:5.3
IBM Security ReaQta 3.12 could disclose sensitive information due to an overly permissive cross-domain policy.
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2024-35160
CVE-2024-41781
CVE-2024-37070
CVE-2024-41744
CVE-2024-45642
Affected Vendors
Affected Products
- IBM CICS TX Standard 11.1
- IBM Concert Software 1.0.0
- IBM Concert Software 1.0.1
- IBM Concert Software 1.0.2
- IBM Concert Software 1.0.2.1
- IBM PowerVM Hypervisor - FW950.00 - FW1030.00 - FW1050.00 - FW1060.00
- IBM Security ReaQta 3.12
Remediation
Refer to the appropriate IBM Security Advisory for the patch, upgrade, or suggested workaround information.