CVE-2024-28784 – IBM QRadar cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28784
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285893 https://www.ibm.com/support/pages/node/7145260 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-22356 – IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
https://notcve.org/view.php?id=CVE-2024-22356
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280893 https://www.ibm.com/support/pages/node/7145144 • CWE-117: Improper Output Neutralization for Logs •
CVE-2023-33855 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2023-33855
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257676 https://www.ibm.com/support/pages/node/7145168 • CWE-385: Covert Timing Channel •
CVE-2023-47150 – IBM Common Cryptographic Architecture denial of service
https://notcve.org/view.php?id=CVE-2023-47150
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270602 https://www.ibm.com/support/pages/node/7145168 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-32754 – IBM Security Verify Directory cross-site scripting
https://notcve.org/view.php?id=CVE-2022-32754
IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228445 https://www.ibm.com/support/pages/node/7145001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •