CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30430 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-30430
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 https://www.ibm.com/support/pages/node/7158789 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31883 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2024-31883
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287615 https://www.ibm.com/support/pages/node/7158789 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38319 – IBM Security SOAR code execution
https://notcve.org/view.php?id=CVE-2024-38319
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. IBM Security SOAR 51.0.2.0 podría permitir que un usuario autenticado ejecute código malicioso cargado desde un script especialmente manipulado. ID de IBM X-Force: 294830. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294830 https://www.ibm.com/support/pages/node/7158261 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38329 – IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
https://notcve.org/view.php?id=CVE-2024-38329
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994. IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 a 8.1.22.0 podría permitir a un atacante autenticado remoto eludir las restricciones de seguridad causadas por una validación inadecuada del permiso del usuario. Al enviar una solicitud especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para cambiar su configuración, activar copias de seguridad, restaurar copias de seguridad y también eliminar todas las copias de seguridad anteriores mediante la rotación de registros. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294994 https://www.ibm.com/support/pages/node/7157929 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47726 – IBM QRadar Suite improper input validation
https://notcve.org/view.php?id=CVE-2023-47726
IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087. IBM QRadar Suite Software 1.10.12.0 a 1.10.21.0 e IBM Cloud Pak for Security 1.10.12.0 a 1.10.21.0 podrían permitir que un usuario autenticado ejecute ciertos comandos arbitrarios debido a una validación de entrada incorrecta. ID de IBM X-Force: 272087. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272087 https://https://www.ibm.com/support/pages/node/7157750 • CWE-1287: Improper Validation of Specified Type of Input •