
CVSS: 5.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. • https://www.ibm.com/support/pages/node/7172206 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294830 https://www.ibm.com/support/pages/node/7158261 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260576 https://www.ibm.com/support/pages/node/7111679 • CWE-117: Improper Output Neutralization for Logs

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260575 https://www.ibm.com/support/pages/node/7111679 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260577 https://www.ibm.com/support/pages/node/7111679 • CWE-284: Improper Access Control