CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47984 – IBM InfoSphere Information Server SQL injection
https://notcve.org/view.php?id=CVE-2022-47984
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243163 https://https://www.ibm.com/support/pages/node/6988153 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22878 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-22878
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244373 https://https://www.ibm.com/support/pages/node/6988155 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28529 – IBM InfoSphere Information Server 11.7
https://notcve.org/view.php?id=CVE-2023-28529
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/251213 https://www.ibm.com/support/pages/node/6988675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-28950 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2023-28950
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 https://https://www.ibm.com/support/pages/node/6985837 •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2023-28514 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2023-28514
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 https://www.ibm.com/support/pages/node/6985835 • CWE-209: Generation of Error Message Containing Sensitive Information •