CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0041 – IBM Security Guardium session fixation
https://notcve.org/view.php?id=CVE-2023-0041
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657. IBM Security Guardium v11.5 podría permitir a un usuario tomar el control de la sesión de otro usuario debido a una caducidad de sesión insuficiente. IBM X-Force ID: 243657. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243657 https://www.ibm.com/support/pages/node/7000021 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32334 – IBM Maximo Asset Management information disclosure
https://notcve.org/view.php?id=CVE-2023-32334
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074. IBM Maximo Asset Management v7.6.1.2, v7.6.1.3 e IBM Maximo Application Suite v8.8.0 almacenan información confidencial en parámetros de URL. Esto puede dar lugar a la divulgación de información si partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado de referencia o el historial del navegador. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 https://www.ibm.com/support/pages/node/6999721 https://www.ibm.com/support/pages/node/6999747 •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27861 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-27861
IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208. IBM Maximo Application Suite - Manage Component v8.8.0 y v8.9.0 transmite información confidencial en texto claro que podría ser interceptada por un atacante mediante técnicas de "man in the middle". IBM X-Force ID: 249208. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249208 https://www.ibm.com/support/pages/node/6999917 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27285 – IBM Aspera buffer overflow
https://notcve.org/view.php?id=CVE-2023-27285
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625. IBM Aspera Connect v4.2.5 e IBM Aspera Cargo v4.2.5 son vulnerables a un desbordamiento de búfer, causado por una comprobación de límites incorrecta. Un atacante podría desbordar un búfer y ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248625 https://www.ibm.com/support/pages/node/7001053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22862 – IBM Aspera information disclosure
https://notcve.org/view.php?id=CVE-2023-22862
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107. IBM Aspera Connect e IBM Aspera Cargo 4.2.5 transmite credenciales de autenticación, pero utiliza un método inseguro que es susceptible de ser interceptado y/o recuperado sin autorización. IBM X-Force ID: 244107 IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244107 https://www.ibm.com/support/pages/node/7001053 • CWE-522: Insufficiently Protected Credentials CWE-523: Unprotected Transport of Credentials •