CVE-2022-43927 – IBM Db2 for Linux, UNIX and Windows information disclosure
https://notcve.org/view.php?id=CVE-2022-43927
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241671 https://www.ibm.com/support/pages/node/6953759 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-269: Improper Privilege Management •
CVE-2023-24964 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-24964
IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246463 https://www.ibm.com/support/pages/node/6953519 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-36775 – IBM Security Verify Access HOST header injection
https://notcve.org/view.php?id=CVE-2022-36775
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 https://www.ibm.com/support/pages/node/6953617 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2023-22868 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22868
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244117 https://www.ibm.com/support/pages/node/6952319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-47986 – IBM Aspera Faspex Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. IBM Aspera Faspex version 4.4.1 suffers from a YAML deserialization vulnerability that allows for remote code execution. • https://www.exploit-db.com/exploits/51316 https://github.com/ohnonoyesyes/CVE-2022-47986 https://github.com/dhina016/CVE-2022-47986 https://github.com/mauricelambert/CVE-2022-47986 http://packetstormsecurity.com/files/171772/IBM-Aspera-Faspex-4.4.1-YAML-Deserialization.html https://exchange.xforce.ibmcloud.com/vulnerabilities/243512 https://www.ibm.com/support/pages/node/6952319 • CWE-502: Deserialization of Untrusted Data •