CVE-2024-31872 – IBM Security Verify Access Appliance missing certificate validation
https://notcve.org/view.php?id=CVE-2024-31872
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man-in-the-middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/287316 https://www.ibm.com/support/pages/node/7147932
• CWE-295: Improper Certificate Validation CWE-599: Missing Validation of OpenSSL Certificate
CVE-2024-25029 – IBM Personal Communications code execution
https://notcve.org/view.php?id=CVE-2024-25029
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows a low-privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 https://www.ibm.com/support/pages/node/7147672
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-28787 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-28787
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/286584 https://www.ibm.com/support/pages/node/7145828
• CWE-650: Trusting HTTP Permission Methods on the Server Side
CVE-2024-27268 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2024-27268
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 https://www.ibm.com/support/pages/node/7145809 https://www.kb.cert.org/vuls/id/421644
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-22360 – IBM Db2 for Linux, UNIX and Windows denial of service
https://notcve.org/view.php?id=CVE-2024-22360
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/280905 https://security.netapp.com/advisory/ntap-20240517-0003 https://www.ibm.com/support/pages/node/7145730
• CWE-20: Improper Input Validation