This page lists publicly disclosed CVE vulnerabilities affecting ibm control_center (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-43052 | IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. | [email protected] | 5.3 | 0.23% | 2025-03-07 | 2025-06-19 |
| CVE-2024-35114 | IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | [email protected] | 5.3 | 0.05% | 2025-01-25 | 2025-11-06 |
| CVE-2024-35113 | IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | [email protected] | 4.3 | 0.07% | 2025-01-25 | 2025-03-04 |
| CVE-2024-35112 | IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | [email protected] | 5.4 | 0.09% | 2025-01-25 | 2025-03-04 |
| CVE-2024-35111 | IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | [email protected] | 4.3 | 0.08% | 2025-01-25 | 2025-11-06 |
| CVE-2021-20529 | IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763. | [email protected] | 5.3 | 0.14% | 2021-05-19 | 2024-11-21 |
| CVE-2021-20528 | IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198761. | [email protected] | 5.4 | 0.14% | 2021-05-19 | 2024-11-21 |
| CVE-2017-1758 | IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859. | [email protected] | 7.1 | 0.51% | 2018-02-21 | 2024-11-21 |
| CVE-2016-0252 | IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. | [email protected] | 5.1 | 0.07% | 2016-07-08 | 2026-05-06 |