CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32329 – IBM Security Access Manager Container improper file validation
https://notcve.org/view.php?id=CVE-2023-32329
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254972 https://www.ibm.com/support/pages/node/7106586 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31005 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31005
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. ... IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254767 https://www.ibm.com/support/pages/node/7106586 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47142 – IBM Tivoli Application Dependency Discovery Manager privilege escalation
https://notcve.org/view.php?id=CVE-2023-47142
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270267 https://www.ibm.com/support/pages/node/7105139 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2023-46344 – Solar-Log 200 PM+ 3.6.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. ... A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. • https://github.com/vinnie1717/CVE-2023-46344 http://solar-log.com https://github.com/vinnie1717/CVE-2023-46344/blob/main/Solar-Log%20XSS https://www.solar-log.com/en/support/firmware-database-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51939
https://notcve.org/view.php?id=CVE-2023-51939
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. • https://gist.github.com/liang-junkai/1b59487c0f7002fa5da98035b53e409f https://github.com/liang-junkai/Relic-bbs-fault-injection https://github.com/relic-toolkit/relic/issues/284 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •