CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-50959 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-50959
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. IBM Cloud Pak para automatización empresarial 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1 y 23.0.2 pueden permitir a los usuarios finales consultar más documentos de los esperados desde un sistema de gestión de contenido empresarial conectado cuando se configura para usar una cuenta del sistema. ID de IBM X-Force: 275938. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275938 https://www.ibm.com/support/pages/node/7145492 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25027 – IBM Security Verify Access Container information disclosure
https://notcve.org/view.php?id=CVE-2024-25027
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281607 https://www.ibm.com/support/pages/node/7145400 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30246 – Tuleap deleting or moving an artifact can delete values from unrelated artifacts
https://notcve.org/view.php?id=CVE-2024-30246
A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. • https://github.com/Enalean/tuleap/commit/a0ba0ae82a29eb8bfacef286778e5e49954f5316 https://github.com/Enalean/tuleap/security/advisories/GHSA-jc7g-4pcv-8jcj https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a0ba0ae82a29eb8bfacef286778e5e49954f5316 https://tuleap.net/plugins/tracker/?aid=37545 • CWE-440: Expected Behavior Violation CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29020 – JumpServer allows nn authorized attacker to get sensitive information in playbook files when playbook_id is leaked
https://notcve.org/view.php?id=CVE-2024-29020
An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7mqc-23hr-cr62 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30511 – WordPress FG PrestaShop to WooCommerce plugin <= 4.45.1 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-30511
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. ... The FG PrestaShop to WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.45.1. • https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-45-1-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •