CVE-2023-38737 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2023-38737
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. IBM WebSphere Application Server Liberty 22.0.0.13 a 23.0.0.7 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente diseñada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262567 https://www.ibm.com/support/pages/node/7027509 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2023-35890 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-35890
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. IBM WebSphere Application Server v8.5 y v9.0 podrían proporcionar una seguridad más débil de lo esperado, causada por la codificación incorrecta en un archivo de configuración local. ID de IBM X-Force: 258637. • https://https://www.ibm.com/support/pages/node/7007857 https://www.ibm.com/support/pages/node/7007857 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-27554 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2023-27554
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249185 https://www.ibm.com/support/pages/node/6989451 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-39161 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-39161
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235069 https://www.ibm.com/support/pages/node/6987779 • CWE-295: Improper Certificate Validation •
CVE-2023-30441 – IBM Java information disclosure
https://notcve.org/view.php?id=CVE-2023-30441
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 https://www.ibm.com/support/pages/node/6985011 https://www.ibm.com/support/pages/node/6986617 https://www.ibm.com/support/pages/node/6986637 https://www.ibm.com/support/pages/node/6987167 https://access.redhat.com/security/cve/CVE-2023-30441 https://bugzilla.redhat.com/show_bug.cgi?id=2188465 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •