CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. IBM OpenPages con Watson 8.3 y 9.0 podría proporcionar una seguridad más débil de lo esperado en un entorno OpenPages utilizando autenticación nativa. Si OpenPages utiliza autenticación nativa, un atacante con acceso a la base de datos de OpenPages podría, mediante una serie de pasos especialmente manipulados, explotar esta debilidad y obtener acceso no autorizado a otras cuentas de OpenPages. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 https://www.ibm.com/support/pages/node/7107775 • CWE-257: Storing Passwords in a Recoverable Format •
CVE-2023-48354
https://notcve.org/view.php?id=CVE-2023-48354
This could lead to local information disclosure with no additional execution privileges needed En telephone service existe una posible validación de entrada incorrecta. • https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 •
CVE-2023-48339
https://notcve.org/view.php?id=CVE-2023-48339
This could lead to local information disclosure with System execution privileges needed En jpg driver, es posible que falte una verificación de permiso. • https://www.unisoc.com/en_us/secy/announcementDetail/1745735200442220545 • CWE-862: Missing Authorization •
CVE-2023-7031 – Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-7031
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. • https://support.avaya.com/css/public/documents/101088063 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2023-50950 – IBM QRadar information disclosure
https://notcve.org/view.php?id=CVE-2023-50950
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. IBM QRadar SIEM 7.5 podría revelar información confidencial de correo electrónico en respuestas a reglas de infracción. ID de IBM X-Force: 275709. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275709 https://www.ibm.com/support/pages/node/7108657 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •