CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39089 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2021-39089
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216387 https://www.ibm.com/support/pages/node/6856405 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39011 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2021-39011
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213645 https://www.ibm.com/support/pages/node/6856403 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39167 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-39167
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2 y 7.8, bajo ciertas configuraciones, podría revelar información confidencial a un atacante que utilice técnicas de intermediario. ID de IBM X-Force: 235408. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235408 https://www.ibm.com/support/pages/node/6622025 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22863 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-22863
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. IBM Robotic Process Automation 20.12.0 a 21.0.2 utiliza de forma predeterminada HTTP en algunos comandos RPA cuando el prefijo no se especifica explícitamente en la URL. Esto podría permitir a un atacante obtener información confidencial utilizando técnicas de intermediario. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 https://www.ibm.com/support/pages/node/6855837 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22594 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22594
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. IBM Robotic Process Automation para Cloud Pak 20.12.0 a 21.0.4 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 https://www.ibm.com/support/pages/node/6855835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •