June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Google Chrome Vulnerabilities
March 5, 2025
NVIDIA Alerts Users to Critical Vulnerabilities Enabling Malicious Code Execution
March 5, 2025
Multiple Google Chrome Vulnerabilities
March 5, 2025
NVIDIA Alerts Users to Critical Vulnerabilities Enabling Malicious Code Execution
March 5, 2025
Severity
High
Analysis Summary
CVE-2023-37395 CVSS:2.5
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
CVE-2024-35117 CVSS:4.4
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
CVE-2024-47117 CVSS:5.4
IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impact
- Information Disclosure
- Cross-site Scripting
Indicators of Compromise
CVE
CVE-2023-37395
CVE-2024-35117
CVE-2024-47117
Affected Vendors
- IBM
Affected Products
- IBM Aspera Faspex - 5.0.0
- IBM OpenPages with Watson - 9.0
- IBM Carbon Charts - 0.4.0
Remediation
Refer to IBM Website for patch, upgrade, or suggested workaround information.
