This page lists publicly disclosed CVE vulnerabilities affecting ibm common_licensing (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-50946 | IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | [email protected] | 6.5 | 0.25% | 2025-01-26 | 2026-06-17 |
| CVE-2023-50945 | IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | [email protected] | 6.2 | 0.05% | 2025-01-26 | 2026-06-17 |
| CVE-2024-41774 | IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. | [email protected] | 4.8 | 0.25% | 2024-08-13 | 2026-06-17 |
| CVE-2024-40697 | IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. | [email protected] | 7.5 | 0.49% | 2024-08-13 | 2026-06-17 |
| CVE-2023-50306 | IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. | [email protected] | 4.0 | 0.19% | 2024-02-20 | 2026-06-17 |