CyberAlerts

CVE-2024-56472

Description: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-56471

IBM Aspera Shares Server-Side Request Forgery

Description: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-56470

IBM Aspera Shares Server-Side Request Forgery

Description: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-56135

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-56134

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-56133

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-56132

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-56131

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-5528

Incomplete Comparison with Missing Factors in GitLab

Description: An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.

CVSS: LOW (3.5)

EPSS Score: 0.04%

Source: CVE

February 6th, 2025 (5 months ago)

CVE-2024-54853

A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote...

Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser.

EPSS Score: 0.04%

Source: CVE

February 6th, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-56472	IBM Aspera Shares Cross-Site Scripting Description: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVSS: MEDIUM (6.4) EPSS Score: 0.05% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-56471	IBM Aspera Shares Server-Side Request Forgery Description: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. CVSS: MEDIUM (5.4) EPSS Score: 0.05% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-56470	IBM Aspera Shares Server-Side Request Forgery Description: IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. CVSS: MEDIUM (5.4) EPSS Score: 0.05% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-56135	Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) CVSS: HIGH (8.4) EPSS Score: 0.04% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-56134	Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) CVSS: HIGH (8.4) EPSS Score: 0.04% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-56133	Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) CVSS: HIGH (8.4) EPSS Score: 0.04% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-56132	Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) CVSS: HIGH (8.4) EPSS Score: 0.04% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-56131	Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)   From 7.2.49.0 to 7.2.54.12 (inclusive)   7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) CVSS: HIGH (8.4) EPSS Score: 0.04% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-5528	Incomplete Comparison with Missing Factors in GitLab Description: An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. CVSS: LOW (3.5) EPSS Score: 0.04% Source: CVE February 6th, 2025 (5 months ago)
CVE-2024-54853	A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote... Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser. EPSS Score: 0.04% Source: CVE February 6th, 2025 (5 months ago)