CVE-2023-38371 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38371
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 https://www.ibm.com/support/pages/node/7158790 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-42014 – IBM Sterling B2B Integrator Standard Edition cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42014
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265511. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265511 https://www.ibm.com/support/pages/node/7158654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-31916 – IBM OpenBMC information disclosure
https://notcve.org/view.php?id=CVE-2024-31916
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290026 https://www.ibm.com/support/pages/node/7158679 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-30430 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-30430
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 https://www.ibm.com/support/pages/node/7158789 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-31883 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2024-31883
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287615 https://www.ibm.com/support/pages/node/7158789 • CWE-703: Improper Check or Handling of Exceptional Conditions •