CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23482 – IBM Sterling Partner Engagement Manager clickjacking
https://notcve.org/view.php?id=CVE-2023-23482
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891. IBM Sterling Partner Engagement Manager v6.1, v6.2 y v6.2.1 podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría aprovechar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y, posiblemente, lanzar más ataques contra ella. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245891 https://www.ibm.com/support/pages/node/7001569 •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2023-33846 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-33846
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257100 https://www.ibm.com/support/pages/node/7001601 https://www.ibm.com/support/pages/node/7001629 https://www.ibm.com/support/pages/node/7001633 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-33847 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-33847
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257102 https://www.ibm.com/support/pages/node/7001635 https://www.ibm.com/support/pages/node/7001641 https://www.ibm.com/support/pages/node/7001645 •
CVSS: 3.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-33849 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-33849
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257105 https://www.ibm.com/support/pages/node/7001687 https://www.ibm.com/support/pages/node/7001695 https://www.ibm.com/support/pages/node/7001697 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-33848 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-33848
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257104 https://www.ibm.com/support/pages/node/7001647 https://www.ibm.com/support/pages/node/7001681 https://www.ibm.com/support/pages/node/7001683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •