Ibm

Control Center

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2023-43035

  • EPSS 0.02%
  • Veröffentlicht 10.04.2025 13:26:44
  • Zuletzt bearbeitet 18.07.2025 14:18:49

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.

5.4

CVE-2023-42007

  • EPSS 0.03%
  • Veröffentlicht 10.04.2025 13:24:46
  • Zuletzt bearbeitet 18.07.2025 14:21:30

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di...

5.3

CVE-2023-43052

  • EPSS 0.05%
  • Veröffentlicht 07.03.2025 17:15:18
  • Zuletzt bearbeitet 19.06.2025 00:11:36

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side ...

6.1

CVE-2023-35894

  • EPSS 0.03%
  • Veröffentlicht 07.03.2025 17:15:17
  • Zuletzt bearbeitet 13.03.2025 15:51:20

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scr...

6.5

CVE-2024-35113

  • EPSS 0.06%
  • Veröffentlicht 25.01.2025 14:15:29
  • Zuletzt bearbeitet 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.

5.3

CVE-2024-35114

  • EPSS 0.06%
  • Veröffentlicht 25.01.2025 14:15:29
  • Zuletzt bearbeitet 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.

4.3

CVE-2024-35111

  • EPSS 0.05%
  • Veröffentlicht 25.01.2025 14:15:28
  • Zuletzt bearbeitet 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

4.3

CVE-2024-35112

  • EPSS 0.05%
  • Veröffentlicht 25.01.2025 14:15:28
  • Zuletzt bearbeitet 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

5.4

CVE-2021-20528

  • EPSS 0.14%
  • Veröffentlicht 19.05.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:43

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.3

CVE-2021-20529

  • EPSS 0.14%
  • Veröffentlicht 19.05.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:43

IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.