CVE-2023-23477 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2023-23477
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 https://www.ibm.com/support/pages/node/6891111 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-38389 – IBM Tivoli Workload Scheduler XML external entity injection
https://notcve.org/view.php?id=CVE-2022-38389
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233975 https://www.ibm.com/support/pages/node/6890695 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2022-22486 – IBM Tivoli Workload Scheduler XML external entity injection
https://notcve.org/view.php?id=CVE-2022-22486
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226328 https://www.ibm.com/support/pages/node/6890697 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2023-23469 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-23469
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244504 https://www.ibm.com/support/pages/node/6857999
CVE-2022-47983 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2022-47983
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243161 https://www.ibm.com/support/pages/node/6857695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')