CVE-2023-38020 – IBM SOAR QRadar Plugin App log injection
https://notcve.org/view.php?id=CVE-2023-38020
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/260576
• https://www.ibm.com/support/pages/node/7111679
• CWE-117: Improper Output Neutralization for Logs
CVE-2023-38019 – IBM SOAR QRadar Plugin App directory traversal
https://notcve.org/view.php?id=CVE-2023-38019
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/260575
• https://www.ibm.com/support/pages/node/7111679
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-38263 – IBM SOAR QRadar Plugin App improper access controls
https://notcve.org/view.php?id=CVE-2023-38263
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/260577
• https://www.ibm.com/support/pages/node/7111679
• CWE-284: Improper Access Control