CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43384 – IBM Aspera Console cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43384
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. IBM Aspera Console 3.4.0 a 3.4.2 PL5 es vulnerable a Cross-site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238645 https://www.ibm.com/support/pages/node/7155215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37411 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2023-37411
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. IBM Aspera Faspex 5.0.0 a 5.0.6 es vulnerable a Cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260139 https://www.ibm.com/support/pages/node/7154977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31894 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2024-31894
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. IBM App Connect Enterprise 12.0.1.0 a 12.0.12.1 podría permitir que un usuario autenticado obtenga información confidencial del usuario utilizando un token de acceso caducado. ID de IBM X-Force: 288175. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288175 https://www.ibm.com/support/pages/node/7154606 • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31895 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2024-31895
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. IBM App Connect Enterprise 12.0.1.0 a 12.0.12.1 podría permitir que un usuario autenticado obtenga información confidencial del usuario utilizando un token de acceso caducado. ID de IBM X-Force: 288176. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288176 https://www.ibm.com/support/pages/node/7154606 • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31893 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. IBM App Connect Enterprise 12.0.1.0 a 12.0.12.1 podría permitir que un usuario autenticado obtenga información confidencial del calendario utilizando un token de acceso caducado. ID de IBM X-Force: 288174.v • https://exchange.xforce.ibmcloud.com/vulnerabilities/288174 https://www.ibm.com/support/pages/node/7154606 • CWE-324: Use of a Key Past its Expiration Date •