CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-40750 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2022-40750
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236588 https://www.ibm.com/support/pages/node/6833552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2022-38712
https://notcve.org/view.php?id=CVE-2022-38712
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762." "IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podrían permitir que un atacante intermediario realice suplantación de SOAPAction para ejecutar operaciones no deseadas o no autorizadas. ID de IBM X-Force: 234762". • https://www.ibm.com/support/pages/node/6829907 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-35637
https://notcve.org/view.php?id=CVE-2022-35637
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegación de servicio tras introducir una sentencia SQL malformada en la herramienta Db2expln. IBM X-Force ID: 230823 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230823 https://security.netapp.com/advisory/ntap-20230921-0003 https://www.ibm.com/support/pages/node/6618775 •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2022-34336
https://notcve.org/view.php?id=CVE-2022-34336
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229714 https://www.ibm.com/support/pages/node/6619699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-22483
https://notcve.org/view.php?id=CVE-2022-22483
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una divulgación de información en algunos escenarios debido a un acceso no autorizado causado por una administración de privilegios inapropiada cuando es usado el comando CREATE OR REPLACE. IBM X-Force ID: 225979 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225979 https://security.netapp.com/advisory/ntap-20230921-0004 https://www.ibm.com/support/pages/node/6618779 • CWE-269: Improper Privilege Management •