CVE-2023-22595 – IBM B2B Advanced Communication cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22595
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. • https://www.ibm.com/support/pages/node/7014929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43831 – IBM Spectrum Scale privilege escalation
https://notcve.org/view.php?id=CVE-2022-43831
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238941 https://www.ibm.com/support/pages/node/7015067 •
CVE-2023-35016 – IBM Security Verify Governance path traversal
https://notcve.org/view.php?id=CVE-2023-35016
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772. • https://exchange.xforce.ibmcloud.com/vulnerabilities/25772 https://www.ibm.com/support/pages/node/7014397 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-35019 – IBM Security Verify Governance command execution
https://notcve.org/view.php?id=CVE-2023-35019
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257873 https://www.ibm.com/support/pages/node/7014397 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-28530 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2023-28530
IBM Cognos Analytics 11.1 and 11.2 are vulnerable to stored cross-site scripting, caused by improper validation of SVG files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251214 https://security.netapp.com/advisory/ntap-20230814-0005 https://www.ibm.com/support/pages/node/7012621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •