CVE-2023-26286 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-26286
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248421 https://www.ibm.com/support/pages/node/6983236
CVE-2022-36769 – IBM Cloud Pak for Data file upload
https://notcve.org/view.php?id=CVE-2022-36769
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 https://www.ibm.com/support/pages/node/6980959 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-41739 – IBM Spectrum Scale privilege escalation
https://notcve.org/view.php?id=CVE-2022-41739
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome the isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237815 https://www.ibm.com/support/pages/node/6964568
CVE-2022-43928 – IBM Db2 Mirror for i information disclosure
https://notcve.org/view.php?id=CVE-2022-43928
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory for an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241675 https://www.ibm.com/support/pages/node/6981113
CVE-2022-43914 – IBM TRIRIGA Application Platform cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43914
IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241036 https://www.ibm.com/support/pages/node/6981597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')