Page 3 of 7187 results (0.006 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. • https://www.ibm.com/support/pages/node/7173128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. • https://www.ibm.com/support/pages/node/7170411 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. • https://www.ibm.com/support/pages/node/7168640 • CWE-297: Improper Validation of Certificate with Host Mismatch •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. • https://www.ibm.com/support/pages/node/7169765 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://www.ibm.com/support/pages/node/7169766 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •