
CVE-2022-42436 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2022-42436
08 Feb 2023 — IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 •

CVE-2022-34362 – IBM Sterling Secure Proxy HOST header injection
https://notcve.org/view.php?id=CVE-2022-34362
08 Feb 2023 — IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-35720 – IBM Sterling External Authentication Server information disclosure
https://notcve.org/view.php?id=CVE-2022-35720
08 Feb 2023 — IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. • https://www.ibm.com/support/pages/node/6890663 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2022-43875 – IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service
https://notcve.org/view.php?id=CVE-2022-43875
20 Dec 2022 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 • CWE-20: Improper Input Validation •

CVE-2022-43872 – IBM Financial Transaction Manager information disclosure
https://notcve.org/view.php?id=CVE-2022-43872
20 Dec 2022 — IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 • CWE-863: Incorrect Authorization •

CVE-2022-34361 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2022-34361
06 Dec 2022 — IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230522 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2022-31772 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2022-31772
11 Nov 2022 — IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228335 • CWE-20: Improper Input Validation •

CVE-2021-29841
https://notcve.org/view.php?id=CVE-2021-29841
14 Sep 2021 — IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205045 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-29728
https://notcve.org/view.php?id=CVE-2021-29728
30 Aug 2021 — IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201160 • CWE-798: Use of Hard-coded Credentials •

CVE-2021-29723
https://notcve.org/view.php?id=CVE-2021-29723
30 Aug 2021 — IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201100 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •