CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24966 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-24966
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246904 https://www.ibm.com/support/pages/node/6986333 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30444 – IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery
https://notcve.org/view.php?id=CVE-2023-30444
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. • https://www.ibm.com/support/pages/node/6985859 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2023-29255 – IBM DB2 for Linux, UNIX and Windows denial of service
https://notcve.org/view.php?id=CVE-2023-29255
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251991 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985687 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2023-27559 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-27559
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249196 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985667 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2023-29257 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-29257
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252011 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985691 •