CVSS: 4.0 • EPSS: 0% • CPEs: 14 • EXPL: 0

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 https://www.ibm.com/support/pages/node/6909467 •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to an External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230264 https://www.ibm.com/support/pages/node/6921243 • CWE-20: Improper Input Validation •

CVSS: 8.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238210 https://www.ibm.com/support/pages/node/6909427 • CWE-425: Direct Request ('Forced Browsing') •

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239539 https://www.ibm.com/support/pages/node/6909465 https://www.ibm.com/support/pages/node/6909469 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 4.6 • EPSS: 0% • CPEs: 5 • EXPL: 0

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230523 https://www.ibm.com/support/pages/node/6890663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •