CVE-2023-38735 – IBM Cognos Dashboards improper authentication
https://notcve.org/view.php?id=CVE-2023-38735
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482. IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 podría permitir a un atacante remoto omitir las restricciones de seguridad, causadas por una falla de tabulación inversa. Un atacante podría aprovechar esta vulnerabilidad y redirigir a la víctima a un sitio de phishing. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262482 https://www.ibm.com/support/pages/node/7031207 • CWE-287: Improper Authentication •
CVE-2023-38276 – IBM Cognos Dashboards information disclosure
https://notcve.org/view.php?id=CVE-2023-38276
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 expone información confidencial en variables de entorno que podrían ayudar en futuros ataques contra el system. ID de IBM X-Force: 260736. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260736 https://www.ibm.com/support/pages/node/7031207 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-38275 – IBM Cognos Dashboards information disclosure
https://notcve.org/view.php?id=CVE-2023-38275
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 expone información confidencial en imágenes de contenedores que podrían provocar más ataques contra el system. ID de IBM X-Force: 260730. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260735 https://www.ibm.com/support/pages/node/7031207 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-26026 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26026
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 https://www.ibm.com/support/pages/node/6999351 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-26023 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26023
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 https://www.ibm.com/support/pages/node/6999351 • CWE-532: Insertion of Sensitive Information into Log File •