CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26024 – IBM Planning Analytics on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26024
01 Dec 2023 — IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. IBM Planning Analytics on Cloud Pak for Data 4.0 podría permitir que un atacante en una red compartida obtenga información confidencial causada por una comunicación de red insegura. ID de IBM X-Force: 247898. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247898 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26026 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26026
19 Jul 2023 — Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26023 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26023
19 Jul 2023 — Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27877 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-27877
19 Jul 2023 — IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247905 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28958 – IBM Watson Knowledge Catalog CSV injection
https://notcve.org/view.php?id=CVE-2023-28958
10 Jul 2023 — IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251782 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30444 – IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery
https://notcve.org/view.php?id=CVE-2023-30444
27 Apr 2023 — IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. • https://www.ibm.com/support/pages/node/6985859 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-41297 – IBM Db2U cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-41297
01 Dec 2022 — IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212. IBM Db2U 3.5, 4.0 y 4.5 es vulnerable a Cross-Site Request Forgery (CSRF), lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 237212. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237212 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-22353
https://notcve.org/view.php?id=CVE-2022-22353
14 Mar 2022 — IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. IBM Big SQL en IBM Cloud Pak for Data versiones 7.1.0, 7.1.1, 7.2.0 y 7.2.3, podría permitir a un usuario autenticado con los permisos adecuados obtener información confidencial al omitir las reglas de enmascaramiento de datos mediante una sentencia CRE... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220480 •