CVE-2023-25929 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2023-25929
IBM Cognos Analytics 11.1 and 11.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/247861 https://security.netapp.com/advisory/ntap-20230814-0005 https://www.ibm.com/support/pages/node/7012621
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43910 – IBM Security Guardium privilege escalation
https://notcve.org/view.php?id=CVE-2022-43910
IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/240908 https://www.ibm.com/support/pages/node/7007815
• CWE-281: Improper Preservation of Permissions
CVE-2022-43908 – IBM Security Guardium denial of service
https://notcve.org/view.php?id=CVE-2022-43908
IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/240903 https://www.ibm.com/support/pages/node/7007815
• CWE-20: Improper Input Validation
CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, are vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 https://www.ibm.com/support/pages/node/7007421 https://www.ibm.com/support/pages/node/7007731
• CWE-20: Improper Input Validation
CVE-2023-26026 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26026
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 https://www.ibm.com/support/pages/node/6999351
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-532: Insertion of Sensitive Information into Log File