CVE-2023-22592 – IBM Robotic Process Automation for Cloud Pak insufficient permission settings
https://notcve.org/view.php?id=CVE-2023-22592
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 https://www.ibm.com/support/pages/node/6855839 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-47990 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2022-47990
IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243556 https://www.ibm.com/support/pages/node/6855827 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-22875 – IBM Security QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2023-22875
IBM QRadar SIEM 7.4 and 7.5 copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244356 https://www.ibm.com/support/pages/node/6855643 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-40615 – IBM Sterling Partner Engagement Manager SQL injection
https://notcve.org/view.php?id=CVE-2022-40615
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236208 https://www.ibm.com/support/pages/node/6854333 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-34335 – IBM Sterling Partner Engagement Manager denial of service
https://notcve.org/view.php?id=CVE-2022-34335
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229705 https://www.ibm.com/support/pages/node/6854331 • CWE-400: Uncontrolled Resource Consumption •