CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22357 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-22357
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. IBM Sterling B2B Integrator 6.0.0.0 a 6.0.3.9, 6.1.0.0 a 6.1.2.3 y 6.2.0.0 es vulnerable a Cross Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280894 https://www.ibm.com/support/pages/node/7148010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50949 – IBM QRadar improper certificate validation
https://notcve.org/view.php?id=CVE-2023-50949
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. IBM QRadar SIEM 7.5 podría permitir que un usuario no autorizado realice acciones no autorizadas debido a una validación de certificado incorrecta. ID de IBM X-Force: 275706. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275706 https://www.ibm.com/support/pages/node/7147933 • CWE-295: Improper Certificate Validation •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31874 – IBM Security Verify Access Appliance denial of service
https://notcve.org/view.php?id=CVE-2024-31874
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287318 https://www.ibm.com/support/pages/node/7147932 • CWE-457: Use of Uninitialized Variable •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31873 – IBM Security Verify Access Appliance information disclosure
https://notcve.org/view.php?id=CVE-2024-31873
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287317 https://www.ibm.com/support/pages/node/7147932 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31871 – IBM Security Verify Access Appliance improper certificate validation
https://notcve.org/view.php?id=CVE-2024-31871
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287306 https://www.ibm.com/support/pages/node/7147932 • CWE-295: Improper Certificate Validation •