May 13, 2024
Severity
Medium
Analysis Summary
CVE-2024-28761 CVSS: 5.4
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code which, when viewed, would execute in the victim's web browser within the security context of the hosting site.
CVE-2024-28760 CVSS: 4.3
The IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to denial of service because it does not properly restrict resource allocation.
CVE-2023-47712 CVSS: 7.8
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permission controls.
CVE-2023-47711 CVSS: 2.7
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that cause a denial of service.
CVE-2023-47709 CVSS: 9.1
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2024-22345 CVSS: 6.2
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials using an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2024-28781 CVSS: 5.4
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session.
CVE-2024-22344 CVSS: 6.1
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code which, when viewed, would execute in the victim's web browser within the security context of the hosting site.
CVE-2023-38264 CVSS: 5.9
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters.
CVE-2024-27269
IBM QRadar SIEM 7.5 could allow a privileged user to configure user management in a way that discloses sensitive information across tenants.
Impact
- Gain Access
- Denial of Service
- Privilege Escalation
- Information Disclosure
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-28761
- CVE-2024-28760
- CVE-2023-47712
- CVE-2023-47711
- CVE-2023-47709
- CVE-2024-22345
- CVE-2024-28781
- CVE-2024-22344
- CVE-2023-38264
- CVE-2024-27269
Affected Vendors
- IBM
Affected Products
- IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25
- IBM App Connect Enterprise 12.0.1.0 through 12.0.12.0
- IBM Security Guardium 11.3, 11.4, 11.5, and 12.0
- IBM QRadar SIEM 7.5.0
- IBM TXSeries for Multiplatforms 8.2
- IBM UrbanCode Deploy 7.0 through 7.0.5.20
- IBM UrbanCode Deploy 7.1 through 7.1.2.16
- IBM UrbanCode Deploy 7.2 through 7.2.3.9
- IBM UrbanCode Deploy 7.3 through 7.3.2.4
- IBM DevOps Deploy (formerly UrbanCode Deploy) 8.0 through 8.0.0.1
- IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21
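The version ranges in this bulletin are easy to misread by hand (several of the upper bounds, such as UrbanCode Deploy 7.2.3.9, are themselves affected, while the next fix level is not). The following Python checker is an added example, not part of the bulletin or of any IBM tooling: it transcribes the ranges from the Analysis Summary and reports which listed CVEs apply to each build in an inventory. The inventory lines are constructed for illustration. Two assumptions are made and marked in the code: releases the bulletin names without a patch level (Guardium 11.3, 11.4, 11.5, 12.0; TXSeries 8.2; QRadar 7.5) are treated as whole release lines, so any 11.5.x build matches, and "IBM DevOps Deploy" is treated as the new name of the UrbanCode Deploy 8.0 release, since the bulletin lists that release under both names.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Version ranges transcribed from the Analysis Summary (low and high inclusive).
AFFECTED_RANGES = [
    ("IBM App Connect Enterprise", "11.0.0.1", "11.0.0.25", ("CVE-2024-28761", "CVE-2024-28760")),
    ("IBM App Connect Enterprise", "12.0.1.0", "12.0.12.0", ("CVE-2024-28761", "CVE-2024-28760")),
    ("IBM UrbanCode Deploy", "7.0", "7.0.5.20", ("CVE-2024-28781",)),
    ("IBM UrbanCode Deploy", "7.1", "7.1.2.16", ("CVE-2024-28781",)),
    ("IBM UrbanCode Deploy", "7.2", "7.2.3.9", ("CVE-2024-28781",)),
    ("IBM UrbanCode Deploy", "7.3", "7.3.2.4", ("CVE-2024-28781",)),
    ("IBM UrbanCode Deploy", "8.0", "8.0.0.1", ("CVE-2024-28781",)),
    ("IBM SDK, Java Technology Edition", "7.1.0.0", "7.1.5.21", ("CVE-2023-38264",)),
    ("IBM SDK, Java Technology Edition", "8.0.0.0", "8.0.8.21", ("CVE-2023-38264",)),
]

# Releases the bulletin names without a patch-level range. Assumption: any build
# whose version starts with the listed components is treated as affected.
AFFECTED_LINES = [
    ("IBM Security Guardium", ("11.3", "11.4", "11.5", "12.0"),
     ("CVE-2023-47712", "CVE-2023-47711", "CVE-2023-47709")),
    ("IBM TXSeries for Multiplatforms", ("8.2",), ("CVE-2024-22345", "CVE-2024-22344")),
    ("IBM QRadar SIEM", ("7.5",), ("CVE-2024-27269",)),
]

# Assumption: the bulletin lists the 8.0 release under both its old and new name.
PRODUCT_ALIASES = {"IBM DevOps Deploy": "IBM UrbanCode Deploy"}


def parse_version(text: str) -> Version:
    """Turn '12.0.12.0' (or '12.0.12.0-IFix01') into a comparable tuple of ints.
    Anything after the leading dotted-number run, such as an iFix tag, is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def in_range(v: Version, low: str, high: str) -> bool:
    """Inclusive range test. Tuple comparison copes with bounds of different length:
    (7, 0, 0, 0) >= (7, 0) holds, and (7, 0, 5, 21) > (7, 0, 5, 20) excludes the fix level."""
    return parse_version(low) <= v <= parse_version(high)


def in_release_line(v: Version, line: str) -> bool:
    """True when v starts with the components of the named release line."""
    prefix = parse_version(line)
    return v[: len(prefix)] == prefix


def matching_cves(product: str, version: str) -> List[str]:
    """Return the sorted CVE ids this bulletin associates with one installed build."""
    product = PRODUCT_ALIASES.get(product, product)
    v = parse_version(version)
    hits = set()
    for name, low, high, cves in AFFECTED_RANGES:
        if name == product and in_range(v, low, high):
            hits.update(cves)
    for name, lines, cves in AFFECTED_LINES:
        if name == product and any(in_release_line(v, ln) for ln in lines):
            hits.update(cves)
    return sorted(hits)


# Constructed inventory for the example: host|product|installed version.
INVENTORY = """\
host-a|IBM App Connect Enterprise|12.0.11.0
host-b|IBM App Connect Enterprise|12.0.12.1
host-c|IBM UrbanCode Deploy|7.2.3.9
host-d|IBM DevOps Deploy|8.0.0.2
host-e|IBM Security Guardium|11.5.0.3
host-f|IBM QRadar SIEM|7.5.0
host-g|IBM TXSeries for Multiplatforms|8.1
host-h|IBM SDK, Java Technology Edition|8.0.8.21-IFix01
"""


def check_inventory(text: str) -> Dict[str, List[str]]:
    """Map each host to the CVEs it is exposed to. An empty list means the build
    falls outside every range the bulletin names."""
    report: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split("|", 2))
        report[host] = matching_cves(product, version)
    return report


if __name__ == "__main__":
    for host, cves in check_inventory(INVENTORY).items():
        print(f"{host}: {', '.join(cves) if cves else 'not in an affected range'}")
```

Because the pipe-delimited input is only a stand-in, feed the checker from whatever asset inventory you actually have; the point is that the comparison is done on parsed integer tuples rather than on strings, so 7.2.3.9 is flagged while 7.2.3.10 is not, and a build tagged with an interim fix suffix still compares on its base version.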
Remediation
Refer to the IBM security advisory for each affected product for patch, upgrade, or suggested workaround information.