
CVE-2023-35907 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-35907
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7181814 • CWE-521: Weak Password Requirements •

CVE-2023-37413 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37413
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. • https://www.ibm.com/support/pages/node/7181814 • CWE-204: Observable Response Discrepancy •

CVE-2023-37398 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-37398
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. • https://www.ibm.com/support/pages/node/7181814 • CWE-521: Weak Password Requirements •

CVE-2023-37412 – IBM Aspera Faspex improper access control
https://notcve.org/view.php?id=CVE-2023-37412
29 Jan 2025 — IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. • https://www.ibm.com/support/pages/node/7181814 • CWE-250: Execution with Unnecessary Privileges •

CVE-2023-33838 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33838
29 Jan 2025 — IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. • https://www.ibm.com/support/pages/node/7172200 • CWE-759: Use of a One-Way Hash without a Salt •

CVE-2023-35017 – IBM Security Verify Governance information
https://notcve.org/view.php?id=CVE-2023-35017
29 Jan 2025 — IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. • https://www.ibm.com/support/pages/node/7172423 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-22315 – IBM Fusion improper communication restriction
https://notcve.org/view.php?id=CVE-2024-22315
28 Jan 2025 — IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection. • https://www.ibm.com/support/pages/node/7179168 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •

CVE-2023-50316 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-50316
28 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7176072 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-27263 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-27263
28 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. • https://www.ibm.com/support/pages/node/7176072 • CWE-300: Channel Accessible by Non-Endpoint •

CVE-2024-28786 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2024-28786
27 Jan 2025 — IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. • https://www.ibm.com/support/pages/node/7173420 • CWE-319: Cleartext Transmission of Sensitive Information •