CVE-2024-28775 – IBM WebSphere Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28775
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285648 https://www.ibm.com/support/pages/node/7149856 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38386 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2022-38386
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 https://www.ibm.com/support/pages/node/7149811 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute
CVE-2023-38002 – IBM Storage Scale session fixation
https://notcve.org/view.php?id=CVE-2023-38002
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260208 https://www.ibm.com/support/pages/node/7149699 • CWE-384: Session Fixation
CVE-2024-25026 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-25026
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 https://www.ibm.com/support/pages/node/7149330 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-47731 – IBM QRadar Suite Software cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47731
IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272203 https://www.ibm.com/support/pages/node/7148994 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')