13 results (0.004 seconds)

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-46181 – IBM Secure Proxy information disclosure

https://notcve.org/view.php?id=CVE-2023-46181

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 permite que las páginas web se almacenen localmente y que otro usuario del sistema pueda leerlas. ID de IBM X-Force: 269686. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269686 https://www.ibm.com/support/pages/node/7142038 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-47699 – IBM Secure Proxy cross-site scripting

https://notcve.org/view.php?id=CVE-2023-47699

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270974 https://www.ibm.com/support/pages/node/7142038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-47147 – IBM Secure Proxy file manipulation

https://notcve.org/view.php?id=CVE-2023-47147

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 podría permitir a un atacante sobrescribir un mensaje de registro en condiciones específicas. ID de IBM X-Force: 270598. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270598 https://www.ibm.com/support/pages/node/7142038 • CWE-73: External Control of File Name or Path •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-46179 – IBM Secure Proxy information disclosure

https://notcve.org/view.php?id=CVE-2023-46179

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269683 https://www.ibm.com/support/pages/node/7142038 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-47162 – IBM Secure Proxy cross-site scripting

https://notcve.org/view.php?id=CVE-2023-47162

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973. IBM Sterling Secure Proxy 6.0.3 y 6.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270973 https://www.ibm.com/support/pages/node/7142038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •