CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38370 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38370
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261197 https://www.ibm.com/support/pages/node/7158790 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38368 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38368
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261195 https://www.ibm.com/support/pages/node/7158790 • CWE-276: Incorrect Default Permissions CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38371 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38371
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 https://www.ibm.com/support/pages/node/7158790 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31916 – IBM OpenBMC information disclosure
https://notcve.org/view.php?id=CVE-2024-31916
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290026 https://www.ibm.com/support/pages/node/7158679 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30430 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-30430
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 https://www.ibm.com/support/pages/node/7158789 • CWE-532: Insertion of Sensitive Information into Log File •