CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43917 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-43917
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. El contenedor tradicional IBM WebSphere Application Server 8.5 y 9.0 utiliza claves criptográficas más débiles de lo esperado que podrían permitir a un atacante descifrar información confidencial. Esto afecta sólo a la versión en contenedores de WebSphere Application Server tradicional. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 https://www.ibm.com/support/pages/node/6857007 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21900
https://notcve.org/view.php?id=CVE-2023-21900
Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. • https://www.oracle.com/security-alerts/cpujan2023.html •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9579
https://notcve.org/view.php?id=CVE-2019-9579
An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream). Se descubrió un problema en Illumos en Nexenta NexentaStor 4.0.5 y 5.1.2 y otros productos. El servidor SMB permite que un atacante tenga acceso no deseado; por ejemplo, un atacante con WRITE_XATTR puede cambiar los permisos. • https://www.illumos.org/issues/10506 https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2021-43395
https://notcve.org/view.php?id=CVE-2021-43395
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected. Se descubrió un problema en illumos antes de f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04 y SmartOS 20210923. Un usuario local sin privilegios puede provocar un punto muerto y pánico en el kernel mediante llamadas de cambio de nombre y rmdir manipuladas en sistemas de archivos tmpfs. • http://www.tribblix.org/relnotes.html https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90 https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424 https://jgardner100.wordpress.com/2022/01/20/security-heads-up • CWE-667: Improper Locking •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2022-35646 – IBM Security Verify Governance, Identity Manager security bypass
https://notcve.org/view.php?id=CVE-2022-35646
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096. El componente de software IBM Security Verify Governance, Identity Manager 10.0.1 podría permitir que un usuario autenticado modifique o cancele la solicitud de acceso de cualquier otro usuario utilizando técnicas de intermediario. ID de IBM X-Force: 231096. • https://exchange.xforce.ibmcloud.com/vulnerabilities/231096 https://www.ibm.com/support/pages/node/6850809 • CWE-287: Improper Authentication •