CVE-2024-25154 – Path Traversal in FileCatalyst Direct 3.8.8 and Earlier
https://notcve.org/view.php?id=CVE-2024-25154
Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier, allowing an encoded payload to cause the web server to return files located outside of the web root, which may lead to data leakage. • https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html https://www.fortra.com/security/advisory/fi-2024-003 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-1979 – Quarkus: information leak in annotation
https://notcve.org/view.php?id=CVE-2024-1979
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk. • https://access.redhat.com/errata/RHSA-2024:1662 https://access.redhat.com/security/cve/CVE-2024-1979 https://bugzilla.redhat.com/show_bug.cgi?id=2266690 https://github.com/quarkusio/quarkus/issues/38055 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-32335 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-32335
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266875 https://www.ibm.com/support/pages/node/7138684 https://www.ibm.com/support/pages/node/7138686 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVE-2023-43043 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-43043
IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266875 https://www.ibm.com/support/pages/node/7138286 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-1137 – TIBCO ActiveSpaces Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2024-1137
The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208 • CWE-862: Missing Authorization •