
Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-35160 CVSS:4.3

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

CVE-2024-41781 CVSS:5.1

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10) functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and, through a series of service procedures, decrypt data contained in the Platform KeyStore.

CVE-2024-37070 CVSS:4.3

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

CVE-2024-41744 CVSS:6.5

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVE-2024-45642 CVSS:5.3

IBM Security ReaQta 3.12 could disclose sensitive information due to an overly permissive cross-domain policy.

Impact

  • Information Disclosure
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-35160
  • CVE-2024-41781
  • CVE-2024-37070
  • CVE-2024-41744
  • CVE-2024-45642

Affected Vendors

IBM

Affected Products

  • IBM CICS TX Standard 11.1
  • IBM Concert Software 1.0.0
  • IBM Concert Software 1.0.1
  • IBM Concert Software 1.0.2
  • IBM Concert Software 1.0.2.1
  • IBM PowerVM Hypervisor - FW950.00 - FW1030.00 - FW1050.00 - FW1060.00
  • IBM Security ReaQta 3.12

Remediation

Refer to the appropriate IBM Security Advisory for the patch, upgrade, or suggested workaround information.

CVE-2024-35160

CVE-2024-41781

CVE-2024-37070

CVE-2024-41744

CVE-2024-45642