Ibm

Control Center

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2023-43035

  • EPSS 0.02%
  • Published 10.04.2025 13:26:44
  • Last modified 18.07.2025 14:18:49

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.

5.4

CVE-2023-42007

  • EPSS 0.03%
  • Published 10.04.2025 13:24:46
  • Last modified 18.07.2025 14:21:30

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di...

5.3

CVE-2023-43052

  • EPSS 0.05%
  • Published 07.03.2025 17:15:18
  • Last modified 19.06.2025 00:11:36

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side ...

6.1

CVE-2023-35894

  • EPSS 0.03%
  • Published 07.03.2025 17:15:17
  • Last modified 13.03.2025 15:51:20

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scr...

6.5

CVE-2024-35113

  • EPSS 0.06%
  • Published 25.01.2025 14:15:29
  • Last modified 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.

5.3

CVE-2024-35114

  • EPSS 0.06%
  • Published 25.01.2025 14:15:29
  • Last modified 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.

4.3

CVE-2024-35111

  • EPSS 0.05%
  • Published 25.01.2025 14:15:28
  • Last modified 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

4.3

CVE-2024-35112

  • EPSS 0.05%
  • Published 25.01.2025 14:15:28
  • Last modified 04.03.2025 16:58:06

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

5.4

CVE-2021-20528

  • EPSS 0.14%
  • Published 19.05.2021 20:15:07
  • Last modified 21.11.2024 05:46:43

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.3

CVE-2021-20529

  • EPSS 0.14%
  • Published 19.05.2021 20:15:07
  • Last modified 21.11.2024 05:46:43

IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.