CVE-2023-42014 – IBM Sterling B2B Integrator Standard Edition cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42014
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265511. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265511 https://www.ibm.com/support/pages/node/7158654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-31916 – IBM OpenBMC information disclosure
https://notcve.org/view.php?id=CVE-2024-31916
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290026 https://www.ibm.com/support/pages/node/7158679 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-30430 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-30430
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 https://www.ibm.com/support/pages/node/7158789 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-31883 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2024-31883
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287615 https://www.ibm.com/support/pages/node/7158789 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVE-2024-38319 – IBM Security SOAR code execution
https://notcve.org/view.php?id=CVE-2024-38319
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. IBM Security SOAR 51.0.2.0 podría permitir que un usuario autenticado ejecute código malicioso cargado desde un script especialmente manipulado. ID de IBM X-Force: 294830. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294830 https://www.ibm.com/support/pages/node/7158261 • CWE-94: Improper Control of Generation of Code ('Code Injection') •