CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38734 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-38734
22 Aug 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262481 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38732 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38732
22 Aug 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. El servidor IBM Robotic Process Automation v21.0.0 a v21.0.7 podría permitir a un usuario autenticado ver información confidencial de los registros de la aplicación. IBM X-Force ID: 262289. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262289 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4456 – Openshift-logging: lokistack authorisation is cached too broadly
https://notcve.org/view.php?id=CVE-2023-4456
21 Aug 2023 — A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. Se encontró una falla en Openshift-logging LokiStack. La clave utilizada para el almacenamiento en caché es solo el token, que es demasiado amplio. • https://access.redhat.com/errata/RHSA-2023:4933 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 0CVE-2023-3223 – Undertow: outofmemoryerror due to @multipartconfig handling
https://notcve.org/view.php?id=CVE-2023-3223
08 Aug 2023 — A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. Se encontró una falla en el undertow. • https://access.redhat.com/errata/RHSA-2023:4505 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-35900 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-35900
19 Jul 2023 — IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259368 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35901 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2023-35901
16 Jul 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 • CWE-287: Improper Authentication •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1260 – Kube-apiserver: privesc
https://notcve.org/view.php?id=CVE-2023-1260
12 Jul 2023 — An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. Se descubrió una vulnerabilidad de omisión de autenticación en kube-apiserve... • https://access.redhat.com/errata/RHSA-2023:3976 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27540 – IBM Watson CP4D Data Stores denial of service
https://notcve.org/view.php?id=CVE-2023-27540
10 Jul 2023 — IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248924 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2023-3089 – Ocp & fips mode
https://notcve.org/view.php?id=CVE-2023-3089
05 Jul 2023 — A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applicati... • https://access.redhat.com/security/cve/CVE-2023-3089 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-521: Weak Password Requirements CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-4361 – RHSSO: XSS due to lax URI scheme validation
https://notcve.org/view.php?id=CVE-2022-4361
28 Jun 2023 — Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can us... • https://bugzilla.redhat.com/show_bug.cgi?id=2151618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •