CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jun 2024 — IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292766 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jun 2024 — IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292765 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. • https://packetstorm.news/files/id/182466 • CWE-258: Empty Password in Configuration File

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2024 — HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2024 — A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226476/dsa-2024-294-security-update-for-dell-cloudlink-vulnerability • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities... • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions • CWE-863: Incorrect Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jun 2024 — IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-Force ID: 290026. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290026 • CWE-288: Authentication Bypass Using an Alternate Path or Channel