CVE-2023-26284 – IBM MQ Certified Container improper access controls
https://notcve.org/view.php?id=CVE-2023-26284
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248417 https://www.ibm.com/support/pages/node/6960201 •
CVE-2022-43874 – IBM App Connect Enterprise Certified Container
https://notcve.org/view.php?id=CVE-2022-43874
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239963 https://www.ibm.com/support/pages/node/6960189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-27290 – IBM Observability with Instana missing authentication
https://notcve.org/view.php?id=CVE-2023-27290
Docker-based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. Docker-based datastores for IBM Instana versions 239-0 through 239-2, 241-0 through 241-2, and 243-0 suffer from a missing authentication vulnerability. • https://www.exploit-db.com/exploits/51314 http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.html https://exchange.xforce.ibmcloud.com/vulnerabilities/248737 https://www.ibm.com/support/pages/node/6959969 • CWE-306: Missing Authentication for Critical Function •
CVE-2023-24975 – IBM Spectrum Symphony HOST header injection
https://notcve.org/view.php?id=CVE-2023-24975
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247030 https://www.ibm.com/support/pages/node/6959369 • CWE-20: Improper Input Validation •
CVE-2022-35645 – IBM Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2022-35645
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230958 https://www.ibm.com/support/pages/node/6959353 https://www.ibm.com/support/pages/node/6959355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •