Publish Advisories

GHSA-3x55-3v35-wg88
GHSA-fpwf-jj2q-fxxh
GHSA-jmh6-3m65-qgmg
GHSA-vcxw-vmr7-hmxx
GHSA-x5hh-r5wr-8mh7

advisories/unreviewed/2025/01/GHSA-3x55-3v35-wg88/GHSA-3x55-3v35-wg88.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3x55-3v35-wg88",
+  "modified": "2025-01-18T18:30:46Z",
+  "published": "2025-01-18T18:30:46Z",
+  "aliases": [
+    "CVE-2024-47113"
+  ],
+  "details": "IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47113"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7175791"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-91"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T16:15:38Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-fpwf-jj2q-fxxh/GHSA-fpwf-jj2q-fxxh.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fpwf-jj2q-fxxh",
+  "modified": "2025-01-18T18:30:47Z",
+  "published": "2025-01-18T18:30:47Z",
+  "aliases": [
+    "CVE-2024-45662"
+  ],
+  "details": "IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45662"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7173765"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T17:15:07Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-jmh6-3m65-qgmg/GHSA-jmh6-3m65-qgmg.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jmh6-3m65-qgmg",
+  "modified": "2025-01-18T18:30:47Z",
+  "published": "2025-01-18T18:30:47Z",
+  "aliases": [
+    "CVE-2024-49354"
+  ],
+  "details": "IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49354"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7174120"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-213"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T16:15:39Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-vcxw-vmr7-hmxx/GHSA-vcxw-vmr7-hmxx.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vcxw-vmr7-hmxx",
+  "modified": "2025-01-18T18:30:47Z",
+  "published": "2025-01-18T18:30:47Z",
+  "aliases": [
+    "CVE-2024-49824"
+  ],
+  "details": "IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49824"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7177587"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-602"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T16:15:39Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-x5hh-r5wr-8mh7/GHSA-x5hh-r5wr-8mh7.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x5hh-r5wr-8mh7",
+  "modified": "2025-01-18T18:30:46Z",
+  "published": "2025-01-18T18:30:46Z",
+  "aliases": [
+    "CVE-2024-47106"
+  ],
+  "details": "IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47106"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7178507"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-552"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T16:15:37Z"
+  }
+}