CVE-2024-35142 – IBM Security Verify Access privilege escalation
https://notcve.org/view.php?id=CVE-2024-35142
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418. IBM Security Verify Access Docker 10.0.0 a 10.0.6 podría permitir que un usuario local escale sus privilegios debido a la ejecución de privilegios innecesarios. ID de IBM X-Force: 292418. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292418 https://www.ibm.com/support/pages/node/7155356 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-35140 – IBM Security Verify Access privilege escalation
https://notcve.org/view.php?id=CVE-2024-35140
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. IBM Security Verify Access Docker 10.0.0 a 10.0.6 podría permitir que un usuario local escale sus privilegios debido a una validación de certificado incorrecta. ID de IBM X-Force: 292416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292416 https://www.ibm.com/support/pages/node/7155356 • CWE-295: Improper Certificate Validation •
CVE-2024-22338 – IBM Security Verify Access OIDC Provider information disclosure
https://notcve.org/view.php?id=CVE-2024-22338
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. IBM Security Verify Access OIDC Provider 22.09 a 23.03 podría revelar información confidencial a un usuario local debido a una validación de entrada peligrosa. ID de IBM X-Force: 279978. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279978 https://www.ibm.com/support/pages/node/7155340 • CWE-20: Improper Input Validation •
CVE-2022-43575 – IBM Aspera Console cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43575
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. IBM Aspera Console 3.4.0 a 3.4.2 PL5 es vulnerable a Cross-site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238680 https://www.ibm.com/support/pages/node/7155215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43384 – IBM Aspera Console cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43384
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. IBM Aspera Console 3.4.0 a 3.4.2 PL5 es vulnerable a Cross-site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238645 https://www.ibm.com/support/pages/node/7155215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •