Lucene search
+L

4 matches found

CVE
CVE
added 2024/06/22 6:56 p.m.76 views

CVE-2024-38319

CVE-2024-38319 affects IBM Security SOAR (Resilient) 51.0.2.0 and earlier. An authenticated user could inject and execute malicious commands loaded from a specially crafted script (command injection). IBM reports base CVSS around 7.5–8.0 with high impact to confidentiality, integrity, and availab...

8.8CVSS7.4AI score0.0046EPSS
CVE
CVE
added 2024/11/14 11:50 a.m.76 views

CVE-2024-45670

CVE-2024-45670 affects IBM Security SOAR 51.0.1.0 and earlier. A password-recovery mechanism allows resetting/changing passwords without knowing the original, but requires the attacker’s prior compromise of the user account. The vulnerability could enable unauthorized access by exploiting this we...

8.1CVSS5.8AI score0.00319EPSS
CVE
CVE
added 2022/01/20 7:40 p.m.49 views

CVE-2021-29785

CVE-2021-29785 affects IBM Security SOAR. The root cause is the product’s failure to properly enable HTTP Strict-Transport-Security (HSTS) headers on some endpoints, which could allow an attacker to obtain sensitive information through man-in-the-middle techniques. IBM’s security bulletin confirm...

5.9CVSS5.4AI score0.01299EPSS
CVE
CVE
added 2021/03/19 3:20 p.m.43 views

CVE-2020-4635

CVE-2020-4635 affects IBM Resilient (SOAR) prior to v40.1, where a user could enumerate usernames and disclose partial confidential information. IBM’s security bulletin confirms the issue and its CVSS foundations, with a fix implemented in Resilient v40.1 that adds rate-limiting and fuzzing to de...

5.3CVSS4.9AI score0.00944EPSS