CVE-2023-30438 – IBM PowerVM gain access
https://notcve.org/view.php?id=CVE-2023-30438
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 https://www.ibm.com/support/pages/node/6993021 •
CVE-2023-27863 – IBM Spectrum Protect Plus Server information disclosure
https://notcve.org/view.php?id=CVE-2023-27863
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249325 https://www.ibm.com/support/pages/node/6965812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-25927 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2023-25927
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247635 https://www.ibm.com/support/pages/node/6989653 • CWE-20: Improper Input Validation •
CVE-2023-28522 – IBM API Connect improper access control
https://notcve.org/view.php?id=CVE-2023-28522
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250585 https://www.ibm.com/support/pages/node/6965612 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-28520 – IBM Planning Analytics Local cross-site scripting
https://notcve.org/view.php?id=CVE-2023-28520
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250454 https://www.ibm.com/support/pages/node/6986639 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •