CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38264 – IBM SDK, Java Technology Edition denial of service
https://notcve.org/view.php?id=CVE-2023-38264
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. El SDK de IBM, Object Request Broker (ORB) de Java Technology Edition 7.1.0.0 a 7.1.5.21 y 8.0.0.0 a 8.0.8.21 es vulnerable a un ataque de denegación de servicio en algunas circunstancias debido a la aplicación inadecuada de JEP 290 MaxRef y MaxDepth. filtros de deserialización. ID de IBM X-Force: 260578. The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260578 https://www.ibm.com/support/pages/node/7150727 https://access.redhat.com/security/cve/CVE-2023-38264 https://bugzilla.redhat.com/show_bug.cgi?id=2279963 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27269 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2024-27269
IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575. IBM QRadar SIEM 7.5 podría permitir a un usuario privilegiado configurar una gestión de usuarios que revelaría información confidencial no deseada entre los inquilinos. ID de IBM X-Force: 284575. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284575 https://www.ibm.com/support/pages/node/7150684 • CWE-286: Incorrect User Management •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-28781 – IBM UrbanCode Deploy cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28781
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654. IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 y 8.0 a 8.0.0.1 es vulnerable a Cross Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285654 https://www.ibm.com/support/pages/node/7150747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40694 – IBM Watson CP4D Data Stores information disclosure
https://notcve.org/view.php?id=CVE-2023-40694
IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. IBM Watson CP4D Data Stores 4.0.0 a 4.8.4 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 264838. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264838 https://www.ibm.com/support/pages/node/7150286 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27283 – IBM Aspera Orchestrator information disclosure
https://notcve.org/view.php?id=CVE-2023-27283
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545. IBM Aspera Orchestrator 4.0.1 podría permitir a un atacante remoto enumerar nombres de usuarios debido a discrepancias de respuesta observables. ID de IBM X-Force: 248545. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248545 https://www.ibm.com/support/pages/node/7150191 • CWE-204: Observable Response Discrepancy •