CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45716 – HCL Sametime is impacted by a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-45716
Sametime is impacted by sensitive information passed in URL. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42016 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-42016
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.3 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265559 https://www.ibm.com/support/pages/node/7116083 • CWE-319: Cleartext Transmission of Sensitive Information CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45191 – IBM Engineering Lifecycle Optimization information disclosure
https://notcve.org/view.php?id=CVE-2023-45191
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 https://www.ibm.com/support/pages/node/7116045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-22318 – IBM i Access Client Solutions information disclosure
https://notcve.org/view.php?id=CVE-2024-22318
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. ... The hostile server could capture the NTLM hash information to obtain the user's credentials. • https://www.exploit-db.com/exploits/51817 http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html http://seclists.org/fulldisclosure/2024/Feb/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/279091 https://www.ibm.com/support/pages/node/7116091 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-52332 – Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52332
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. •