Page 2 of 52 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-28513 – IBM MQ denial of service

https://notcve.org/view.php?id=CVE-2023-28513

19 Jul 2023 — IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-26283 – IBM WebSphere Application Server cross-site scripting

https://notcve.org/view.php?id=CVE-2023-26283

22 Mar 2023 — IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-26281 – IBM HTTP Server denial of service

https://notcve.org/view.php?id=CVE-2023-26281

28 Feb 2023 — IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248296 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0

CVE-2022-42436 – IBM MQ information disclosure

https://notcve.org/view.php?id=CVE-2022-42436

08 Feb 2023 — IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238206 •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-34362 – IBM Sterling Secure Proxy HOST header injection

https://notcve.org/view.php?id=CVE-2022-34362

08 Feb 2023 — IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2022-35720 – IBM Sterling External Authentication Server information disclosure

https://notcve.org/view.php?id=CVE-2022-35720

08 Feb 2023 — IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. • https://www.ibm.com/support/pages/node/6890663 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-23477 – IBM WebSphere Application Server code execution

https://notcve.org/view.php?id=CVE-2023-23477

03 Feb 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2022-43917 – IBM WebSphere Application Server information disclosure

https://notcve.org/view.php?id=CVE-2022-43917

25 Jan 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. El contenedor tradicional IBM WebSphere Application Server 8.5 y 9.0 utiliza claves criptográficas más débiles de lo esperado que podrían permitir a un atacante descifrar información confidencial. Esto afecta sólo a la versi... • https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-43875 – IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service

https://notcve.org/view.php?id=CVE-2022-43875

20 Dec 2022 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. IBM Financial Transaction Manager para SWIFT Services for Multiplatforms 3.2.4 podría permitir que un usuario autenticado bloquee autorizaciones RM adicionales, lo que resultaría en una Denegación de Servicio (DoS) al mostrar o administrar estas autorizacio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-43872 – IBM Financial Transaction Manager information disclosure

https://notcve.org/view.php?id=CVE-2022-43872

20 Dec 2022 — IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. Las comprobaciones de autorización de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener información técnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 • CWE-863: Incorrect Authorization •