3 matches found
CVE-2024-49351
IBM Workload Scheduler (versions 9.5, 10.1, 10.2) stores user credentials in plaintext, readable by a local user. This yields a CVSSv3.1 base score of 5.5 (LO: Local, PR:L, C:H, I:N, A:N). The issue stems from plaintext password storage; remediation is to upgrade to fixed releases: 9.5.0.7, 10.1....
CVE-2022-22369
CVE-2022-22369 affects IBM Workload Scheduler 9.4 and 9.5. The IBM bulletin describes an arbitrary file-creation vulnerability in the JLOG component that could allow a local user to overwrite key system files and crash the system. A fix (APAR IJ37881) is included in IBM Workload Scheduler 9.5.0.6...
CVE-2020-4380
CVE-2020-4380 affects IBM Workload Scheduler (Dynamic Workload Console) 9.3.0.4 and earlier. The issue is a cross-site scripting (XSS) vulnerability in the Web UI that can cause arbitrary JavaScript execution within a trusted session, potentially enabling credential disclosure. IBM’s bulletin not...