CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28798 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28798
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287172 https://www.ibm.com/support/pages/node/7158439 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35022 – IBM InfoSphere Information Server improper authentication
https://notcve.org/view.php?id=CVE-2023-35022
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254. IBM InfoSphere Information Server 11.7 podría permitir a un usuario local actualizar proyectos a los que no tiene autorización para acceder. ID de IBM X-Force: 258254. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258254 https://www.ibm.com/support/pages/node/7158447 • CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28795 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28795
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832. IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/286832 https://www.ibm.com/support/pages/node/7158408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38383 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2022-38383
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673. IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.11.0 e IBM QRadar Software Suite 1.10.12.0 a 1.10.21.0 permiten almacenar localmente páginas web que pueden ser leídas por otro usuario en el sistema. ID de IBM X-Force: 233673. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233673 https://www.ibm.com/support/pages/node/7158986 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38322 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-38322
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869. IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.4 La discrepancia en la respuesta de error de nombre de usuario y contraseña del agente expone el producto a una enumeración de fuerza bruta. ID de IBM X-Force: 294869. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294869 https://www.ibm.com/support/pages/node/7158446 • CWE-204: Observable Response Discrepancy •