CVSS: 5.4EPSS: 0%CPEs: 55EXPL: 0CVE-2023-22860 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22860
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244100 https://www.ibm.com/support/pages/node/6958062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40237 – IBM MQ for HPE NonStop denial of service
https://notcve.org/view.php?id=CVE-2022-40237
IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235727 https://www.ibm.com/support/pages/node/6958136 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43923
https://notcve.org/view.php?id=CVE-2022-43923
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241584 https://www.ibm.com/support/pages/node/6957654 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-43578 – IBM Sterling B2B Integrator Standard Edition cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43578
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238683 https://www.ibm.com/support/pages/node/6957156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43873 – IBM Spectrum Virtualize privilege escalation
https://notcve.org/view.php?id=CVE-2022-43873
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239847 https://www.ibm.com/support/pages/node/6858047 •