CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27876 – IBM TRIRIGA Application Platform XML external entity injection
https://notcve.org/view.php?id=CVE-2023-27876
IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249975 https://www.ibm.com/support/pages/node/6981115 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33959 – IBM Sterling Order Management privilege escalation
https://notcve.org/view.php?id=CVE-2022-33959
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229320 https://www.ibm.com/support/pages/node/6981911 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34333 – IBM Sterling Order Management information disclosure
https://notcve.org/view.php?id=CVE-2022-34333
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229698 https://www.ibm.com/support/pages/node/6981917 • CWE-521: Weak Password Requirements •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27286 – IBM Aspera code execution
https://notcve.org/view.php?id=CVE-2023-27286
IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248627 https://www.ibm.com/support/pages/node/6966588 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27284 – IBM Aspera code execution
https://notcve.org/view.php?id=CVE-2023-27284
IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248616 https://www.ibm.com/support/pages/node/6966588 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •