CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-45688 – Information leak via path traversal in Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45688
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command La falta de suficiente validación de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado obtener el tamaño de un archivo arbitrario en el sistema de archivos utilizando path traversal en el comando ftp "SIZE" • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4457
https://notcve.org/view.php?id=CVE-2023-4457
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2. • https://grafana.com/security/security-advisories/cve-2023-4457 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33836 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33836
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. IBM Security Verify Governance 10.0 contiene credenciales codificadas, como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 256016. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/256016 https://www.ibm.com/support/pages/node/7047640 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35013 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35013
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. IBM Security Verify Governance 10.0, Identity Manager podría permitir que un usuario privilegiado local obtenga información confidencial del código fuente. ID de IBM X-Force: 257769. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257769 https://www.ibm.com/support/pages/node/7050358 • CWE-540: Inclusion of Sensitive Information in Source Code CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-30994 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2023-30994
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138 IBM QRadar SIEM 7.5.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 254138 • https://exchange.xforce.ibmcloud.com/vulnerabilities/254138 https://www.ibm.com/support/pages/node/7049133 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •