CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30441 – IBM Java information disclosure
https://notcve.org/view.php?id=CVE-2023-30441
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 https://www.ibm.com/support/pages/node/6985011 https://www.ibm.com/support/pages/node/6986617 https://www.ibm.com/support/pages/node/6986637 https://www.ibm.com/support/pages/node/6987167 https://access.redhat.com/security/cve/CVE-2023-30441 https://bugzilla.redhat.com/show_bug.cgi?id=2188465 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24966 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-24966
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246904 https://www.ibm.com/support/pages/node/6986333 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26283 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-26283
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 https://www.ibm.com/support/pages/node/6964836 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-23477 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2023-23477
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 https://www.ibm.com/support/pages/node/6891111 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43917 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-43917
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. El contenedor tradicional IBM WebSphere Application Server 8.5 y 9.0 utiliza claves criptográficas más débiles de lo esperado que podrían permitir a un atacante descifrar información confidencial. Esto afecta sólo a la versión en contenedores de WebSphere Application Server tradicional. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 https://www.ibm.com/support/pages/node/6857007 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •