CVE-2023-28528 – IBM AIX command execution
https://notcve.org/view.php?id=CVE-2023-28528
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. • http://packetstormsecurity.com/files/172458/IBM-AIX-7.2-inscout-Privilege-Escalation.html https://exchange.xforce.ibmcloud.com/vulnerabilities/251207 https://www.ibm.com/support/pages/node/6983232 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1691 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-27557 – IBM Safter Payments information disclosure
https://notcve.org/view.php?id=CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249192 https://www.ibm.com/support/pages/node/6985603 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2020-4729 – IBM Safer Payments denial of service
https://notcve.org/view.php?id=CVE-2020-4729
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188052 https://www.ibm.com/support/pages/node/6985595 •
CVE-2023-27556 – IBM Safer Payments denial of service
https://notcve.org/view.php?id=CVE-2023-27556
IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249190 https://www.ibm.com/support/pages/node/6985601 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-27860 – IBM Maximo Asset Management information disclosure
https://notcve.org/view.php?id=CVE-2023-27860
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249207 https://www.ibm.com/support/pages/node/6985679 • CWE-209: Generation of Error Message Containing Sensitive Information •