CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39723 – IBM FlashSystem denial of service
https://notcve.org/view.php?id=CVE-2024-39723
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso físico al sistema podría utilizar el puerto USB para provocar la pérdida de acceso a los datos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 https://www.ibm.com/support/pages/node/7159333 • CWE-287: Improper Authentication CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50964 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50964
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102. IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/276102 https://www.ibm.com/support/pages/node/7159060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28794 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28794
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/286831 https://www.ibm.com/support/pages/node/7158444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50953 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50953
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775. IBM InfoSphere Information Server 11.7 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275775 https://www.ibm.com/support/pages/node/7159057 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50952 – IBM InfoSphere Information Server server-side request forgery
https://notcve.org/view.php?id=CVE-2023-50952
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774. IBM InfoSphere Information Server 11.7 es vulnerable a Server-Side Request Forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275774 https://www.ibm.com/support/pages/node/7158437 • CWE-918: Server-Side Request Forgery (SSRF) •