CVE-2024-31878 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2024-31878
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. IBM i 7.2, 7.3, 7.4 y 7.5 Service Tools Server (SST) es vulnerable a la enumeración de usuarios de SST por parte de un atacante remoto. Esta vulnerabilidad puede ser utilizada por un actor malintencionado para recopilar información sobre los usuarios de SST que puede ser objeto de futuros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 https://www.ibm.com/support/pages/node/7156725 • CWE-203: Observable Discrepancy •
CVE-2024-35142 – IBM Security Verify Access privilege escalation
https://notcve.org/view.php?id=CVE-2024-35142
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418. IBM Security Verify Access Docker 10.0.0 a 10.0.6 podría permitir que un usuario local escale sus privilegios debido a la ejecución de privilegios innecesarios. ID de IBM X-Force: 292418. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292418 https://www.ibm.com/support/pages/node/7155356 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-35140 – IBM Security Verify Access privilege escalation
https://notcve.org/view.php?id=CVE-2024-35140
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. IBM Security Verify Access Docker 10.0.0 a 10.0.6 podría permitir que un usuario local escale sus privilegios debido a una validación de certificado incorrecta. ID de IBM X-Force: 292416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292416 https://www.ibm.com/support/pages/node/7155356 • CWE-295: Improper Certificate Validation •
CVE-2024-22338 – IBM Security Verify Access OIDC Provider information disclosure
https://notcve.org/view.php?id=CVE-2024-22338
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. IBM Security Verify Access OIDC Provider 22.09 a 23.03 podría revelar información confidencial a un usuario local debido a una validación de entrada peligrosa. ID de IBM X-Force: 279978. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279978 https://www.ibm.com/support/pages/node/7155340 • CWE-20: Improper Input Validation •
CVE-2022-43575 – IBM Aspera Console cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43575
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. IBM Aspera Console 3.4.0 a 3.4.2 PL5 es vulnerable a Cross-site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238680 https://www.ibm.com/support/pages/node/7155215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •