Medium

Analysis Summary

CVE-2024-56476 CVSS:5.3

IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.

CVE-2024-56475 CVSS:5.4

IBM TXSeries for Multiplatforms 9is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2024-56474 CVSS:4.3

IBM TXSeries for Multiplatforms is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVE-2025-0154 CVSS:5.3

IBM TXSeries for Multiplatforms could allow a remote attacker to obtain sensitive information, caused by improper neutralization of HTTP headers.

CVE-2024-56341 CVSS:5.4

IBM Content Navigator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Impact

• Information Disclosure
• Cross-Site Scripting

Indicators of Compromise

CVE

• CVE-2024-56476

• CVE-2024-56475

• CVE-2024-56474

• CVE-2025-0154

• CVE-2024-56341

Affected Vendors

Remediation

Refer to the appropriate IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-56476

CVE-2024-56475

CVE-2024-56474

CVE-2025-0154

CVE-2024-56341