CVE-2023-35888 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35888
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258375 https://www.ibm.com/support/pages/node/7144228 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2021-38938 – IBM Host Access Transformation Services information disclosure
https://notcve.org/view.php?id=CVE-2021-38938
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210989 https://www.ibm.com/support/pages/node/6832964 • CWE-522: Insufficiently Protected Credentials •
CVE-2023-46181 – IBM Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-46181
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269686 https://www.ibm.com/support/pages/node/7142038 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVE-2023-47699 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47699
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270974 https://www.ibm.com/support/pages/node/7142038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-47147 – IBM Secure Proxy file manipulation
https://notcve.org/view.php?id=CVE-2023-47147
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270598 https://www.ibm.com/support/pages/node/7142038 • CWE-73: External Control of File Name or Path •