3 results (0.011 seconds)

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. IBM WebSphere Automation para IBM Cloud Pak para Watson AIOps 1.4.3 podría revelar información confidencial. Un atacante local autenticado podría aprovechar esta vulnerabilidad para posiblemente obtener información para otros componentes de IBM WebSphere Automation para IBM Cloud Pak para Watson AIOps. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240829 https://www.ibm.com/support/pages/node/6842605 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827. IBM WebSphere Automation para IBM Cloud Pak para Watson AIOps 1.4.2 podría proporcionar una seguridad más débil de lo esperado. Un atacante local puede crear una conexión de red saliente a otro sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240827 https://www.ibm.com/support/pages/node/6842605 • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. IBM WebSphere Automation for Cloud Pak for Watson AIOps versión 1.4.2, es vulnerable a un ataque de tipo cross-site request forgery, causada por la configuración inapropiada de los atributos de las cookies. IBM X-Force ID: 226449 • https://exchange.xforce.ibmcloud.com/vulnerabilities/226449 https://www.ibm.com/support/pages/node/6826727 • CWE-352: Cross-Site Request Forgery (CSRF) •