CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-35020 – IBM Sterling Control Center directory traversal
https://notcve.org/view.php?id=CVE-2023-35020
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. IBM Sterling Control Center versión 6.3.0 podría permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada que contenga secuencias de "puntos" (/../) para ver archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257874 https://www.ibm.com/support/pages/node/7107788 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40683 – IBM OpenPages with Watson privilege escalation
https://notcve.org/view.php?id=CVE-2023-40683
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. IBM OpenPages con Watson 8.3 y 9.0 podría permitir a un atacante remoto eludir las restricciones de seguridad causadas por comprobaciones de autorización insuficientes. Al autenticarse como usuario de OpenPages y utilizar API no públicas, un atacante podría aprovechar esta vulnerabilidad para eludir la seguridad y obtener acceso administrativo no autorizado a la aplicación. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 https://www.ibm.com/support/pages/node/7107774 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. IBM OpenPages con Watson 8.3 y 9.0 podría proporcionar una seguridad más débil de lo esperado en un entorno OpenPages utilizando autenticación nativa. Si OpenPages utiliza autenticación nativa, un atacante con acceso a la base de datos de OpenPages podría, mediante una serie de pasos especialmente manipulados, explotar esta debilidad y obtener acceso no autorizado a otras cuentas de OpenPages. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 https://www.ibm.com/support/pages/node/7107775 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22410 – Binary Planting Attack on Windows Platforms in Creditcoin
https://notcve.org/view.php?id=CVE-2024-22410
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. • https://github.com/gluwa/creditcoin/security/advisories/GHSA-cx5c-xwcv-vhmq https://owasp.org/www-community/attacks/Binary_planting • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6335
https://notcve.org/view.php?id=CVE-2023-6335
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. La vulnerabilidad de resolución de enlace incorrecta antes del acceso al archivo ("Link Following") en HYPR Workforce Access en Windows permite el nombre de archivo controlado por el usuario. Este problema afecta a Workforce Access: antes de 8.7. • https://www.hypr.com/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •