CVE-2024-31897 – IBM Cloud Pak for Business Automation server-side request forgery
https://notcve.org/view.php?id=CVE-2024-31897
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/288178
• https://www.ibm.com/support/pages/node/7159332
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-38330 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-38330
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/295227
• https://www.ibm.com/support/pages/node/7159615
• CWE-427: Uncontrolled Search Path Element
CVE-2024-39723 – IBM FlashSystem denial of service
https://notcve.org/view.php?id=CVE-2024-39723
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/295935
• https://www.ibm.com/support/pages/node/7159333
• CWE-287: Improper Authentication
• CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface
CVE-2023-50964 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50964
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/276102
• https://www.ibm.com/support/pages/node/7159060
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-28794 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28794
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/286831
• https://www.ibm.com/support/pages/node/7158444
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')