CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25023 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-25023
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.22.0 almacenan información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 281429. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281429 https://www.ibm.com/support/pages/node/7159768 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 70EXPL: 0CVE-2024-37528 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-37528
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1 y 23.0.2 son vulnerables a Cross Site Scripting. Esta vulnerabilidad permite a un usuario privilegiado incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294293 https://www.ibm.com/support/pages/node/7159332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 70EXPL: 0CVE-2024-31897 – IBM Cloud Pak for Business Automation server-side request forgery
https://notcve.org/view.php?id=CVE-2024-31897
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1 y 23.0.2 vulnerables a Server Side Request Forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288178 https://www.ibm.com/support/pages/node/7159332 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38330 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-38330
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. IBM System Management para i 7.2, 7.3 y 7.4 podría permitir que un usuario local obtenga privilegios elevados debido a una llamada no calificada a un programa de librería. Un actor malintencionado podría provocar que el código controlado por el usuario se ejecute con privilegios de administrador. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295227 https://www.ibm.com/support/pages/node/7159615 • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39723 – IBM FlashSystem denial of service
https://notcve.org/view.php?id=CVE-2024-39723
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso físico al sistema podría utilizar el puerto USB para provocar la pérdida de acceso a los datos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 https://www.ibm.com/support/pages/node/7159333 • CWE-287: Improper Authentication CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface •