4 matches found
CVE-2024-38319
CVE-2024-38319 affects IBM Security SOAR (Resilient) 51.0.2.0 and earlier. An authenticated user could inject and execute malicious commands loaded from a specially crafted script (command injection). IBM reports base CVSS around 7.5–8.0 with high impact to confidentiality, integrity, and availab...
CVE-2024-45670
CVE-2024-45670 affects IBM Security SOAR 51.0.1.0 and earlier. A password-recovery mechanism allows resetting/changing passwords without knowing the original, but requires the attacker’s prior compromise of the user account. The vulnerability could enable unauthorized access by exploiting this we...
CVE-2021-29785
CVE-2021-29785 affects IBM Security SOAR. The root cause is the product’s failure to properly enable HTTP Strict-Transport-Security (HSTS) headers on some endpoints, which could allow an attacker to obtain sensitive information through man-in-the-middle techniques. IBM’s security bulletin confirm...
CVE-2020-4635
CVE-2020-4635 affects IBM Resilient (SOAR) prior to v40.1, where a user could enumerate usernames and disclose partial confidential information. IBM’s security bulletin confirms the issue and its CVSS foundations, with a fix implemented in Resilient v40.1 that adds rate-limiting and fuzzing to de...