CVE-2023-46701 – Inaccessible Post Information Leak via Run Timeline IDOR
https://notcve.org/view.php?id=CVE-2023-46701
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID Mattermost no realiza comprobaciones de autorización en el endpoint /plugins/playbooks/api/v0/runs/add-to-timeline-dialog del complemento Playbooks, lo que permite a un atacante obtener información limitada sobre una publicación si conoce el ID de la publicación. • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2023-49580 – Information disclosure in SAP GUI for Windows and SAP GUI for Java
https://notcve.org/view.php?id=CVE-2023-49580
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP. SAP GUI para Windows y SAP GUI para Java: versiones SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, permiten que un atacante no autenticado acceda a información que de otro modo estaría restringida y confidencial. Además, esta vulnerabilidad permite que un atacante no autenticado cree configuraciones de diseño de ABAP List Viewer y con esto causa un impacto leve en la integridad y la disponibilidad, por ejemplo, también aumenta los tiempos de respuesta del AS ABAP. • https://me.sap.com/notes/3385711 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-49795 – MindsDB Server-Side Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2023-49795
This can lead to limited information disclosure. • https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-6538 – System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.
https://notcve.org/view.php?id=CVE-2023-6538
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. ... Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/51915 https://github.com/Arszilla/CVE-2023-6538 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data. • CWE-285: Improper Authorization •
CVE-2023-47722 – IBM API Connect information disclosure
https://notcve.org/view.php?id=CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. IBM API Connect V10.0.5.3 y V10.0.6.0 almacena las credenciales de usuario en la memoria caché del navegador que un usuario local puede leer. ID de IBM X-Force: 271912. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271912 https://www.ibm.com/support/pages/node/7087806 • CWE-522: Insufficiently Protected Credentials •