CVE-2023-30447 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-30447
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253436 https://security.netapp.com/advisory/ntap-20230731-0007 https://www.ibm.com/support/pages/node/7010557 • CWE-20: Improper Input Validation •
CVE-2021-39014 – IBM Cloud Object Storage System cross-site scripting
https://notcve.org/view.php?id=CVE-2021-39014
IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213650 https://www.ibm.com/support/pages/node/6517124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-35890 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-35890
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. • https://www.ibm.com/support/pages/node/7007857 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-30990 – IBM i command execution
https://notcve.org/view.php?id=CVE-2023-30990
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254036 https://www.ibm.com/support/pages/node/7008573 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-27866 – IBM Informix JDBC code execution
https://notcve.org/view.php?id=CVE-2023-27866
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to a remote code execution attack via JNDI injection when the driver code or the application using the driver does not verify the supplied LDAP URL in the Connect String. IBM X-Force ID: 249511. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 https://www.ibm.com/support/pages/node/7007615 • CWE-94: Improper Control of Generation of Code ('Code Injection') •