CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33163 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33163
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571. IBM Security Directory Suite VA v8.0.1 especifica permisos para un recurso crítico para la seguridad de una forma que permite que dicho recurso sea leído o modificado por actores no deseados. ID de IBM X-Force: 228571. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228571 https://www.ibm.com/support/pages/node/7001885 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25683 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2023-25683
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247592 https://www.ibm.com/support/pages/node/7002721 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22307 – IBM Security Guardium privilege escalation
https://notcve.org/view.php?id=CVE-2022-22307
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753. IBM Security Guardium v11.3, v11.4 y v11.5 podría permitir a un usuario local obtener privilegios elevados debido a comprobaciones de autorización incorrectas. ID de IBM X-Force: 216753. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216753 https://www.ibm.com/support/pages/node/6999317 • CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23480 – IBM Sterling Partner Engagement Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2023-23480
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245885 https://www.ibm.com/support/pages/node/7001563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23481 – IBM Sterling Partner Engagement Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2023-23481
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. IBM Sterling Partner Engagement Manager v6.1, v6.2 y v6.2.1 es vulnerable a Cross-Site Scripting Almacenado. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario a la interfaz de usuario web, lo que altera la funcionalidad prevista y puede conducir a la divulgación de credenciales en una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245889 https://www.ibm.com/support/pages/node/7001561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •