CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-50959 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-50959
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. IBM Cloud Pak para automatización empresarial 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1 y 23.0.2 pueden permitir a los usuarios finales consultar más documentos de los esperados desde un sistema de gestión de contenido empresarial conectado cuando se configura para usar una cuenta del sistema. ID de IBM X-Force: 275938. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275938 https://www.ibm.com/support/pages/node/7145492 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22353 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2024-22353
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280400 https://www.ibm.com/support/pages/node/7145365 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25027 – IBM Security Verify Access Container information disclosure
https://notcve.org/view.php?id=CVE-2024-25027
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. IBM Security Verify Access 10.0.6 podría revelar información confidencial de instantáneas debido a la falta de cifrado. ID de IBM X-Force: 281607. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281607 https://www.ibm.com/support/pages/node/7145400 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27270 – IBM WebSphere Application Server Liberty cross-site scripting
https://notcve.org/view.php?id=CVE-2024-27270
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. IBM WebSphere Application Server Liberty 23.0.0.3 a 24.0.0.3 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en un URI especialmente manipulado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284576 https://www.ibm.com/support/pages/node/7145231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50961 – IBM QRadar cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50961
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939. IBM QRadar SIEM 7.5 es vulnerable a cross-site scripting almacenadas. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275939 https://www.ibm.com/support/pages/node/7145262 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •