CVE-2024-56341

CVE-2024-56341

Título es
CVE-2024-56341

Mié, 02/04/2025 – 15:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-56341

Descripción en
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

02/04/2025
02/04/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://www.ibm.com/support/pages/node/7229839

    • Enviar en el boletín
    Off

    CVE-2025-31724

    CVE-2025-31724

    Título es
    CVE-2025-31724

    Mié, 02/04/2025 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31724

    Descripción en
    Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3537

    • Enviar en el boletín
    Off

    CVE-2025-31728

    CVE-2025-31728

    Título es
    CVE-2025-31728

    Mié, 02/04/2025 – 15:16

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31728

    Descripción en
    Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3523

    • Enviar en el boletín
    Off

    CVE-2025-31727

    CVE-2025-31727

    Título es
    CVE-2025-31727

    Mié, 02/04/2025 – 15:16

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31727

    Descripción en
    Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3523

    • Enviar en el boletín
    Off

    CVE-2025-31726

    CVE-2025-31726

    Título es
    CVE-2025-31726

    Mié, 02/04/2025 – 15:16

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31726

    Descripción en
    Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3520

    • Enviar en el boletín
    Off

    CVE-2025-31725

    CVE-2025-31725

    Título es
    CVE-2025-31725

    Mié, 02/04/2025 – 15:16

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31725

    Descripción en
    Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3539

    • Enviar en el boletín
    Off

    CVE-2024-56475

    CVE-2024-56475

    Título es
    CVE-2024-56475

    Mié, 02/04/2025 – 16:17

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56475

    Descripción en
    IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

    02/04/2025
    02/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7229880

    • Enviar en el boletín
    Off

    CVE-2024-56474

    CVE-2024-56474

    Título es
    CVE-2024-56474

    Mié, 02/04/2025 – 16:17

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56474

    Descripción en
    IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

    02/04/2025
    02/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7229880

    • Enviar en el boletín
    Off

    CVE-2025-0154

    CVE-2025-0154

    Título es
    CVE-2025-0154

    Mié, 02/04/2025 – 16:17

    Tipo
    CWE-644

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0154

    Descripción en
    IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.

    02/04/2025
    02/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7229880

    • Enviar en el boletín
    Off

    CVE-2024-56476

    CVE-2024-56476

    Título es
    CVE-2024-56476

    Mié, 02/04/2025 – 16:17

    Tipo
    CWE-204

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56476

    Descripción en
    IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.

    02/04/2025
    02/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7229880

    • Enviar en el boletín
    Off