CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38372 – IBM Watson IoT Platform information disclosure
https://notcve.org/view.php?id=CVE-2023-38372
29 Feb 2024 — An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. Un atacante no autorizado que haya obtenido un token de autenticación de seguridad de IBM Watson IoT Platform 1.0 puede utilizarlo para hacerse pasar por un usuario de plataforma autorizado. ID de IBM X-Force: 261201. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261201 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2020-4207
https://notcve.org/view.php?id=CVE-2020-4207
28 Jan 2020 — IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972. IBM Watson IoT Message Gateway versiones 2.0.0.x, 5.0.0.0, 5.0.0.1 y 5.0.0.2, es vulnerable a un desbordamiento del... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174972 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •