CVE-2023-46179 – IBM Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-46179
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 do not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/269683
• https://www.ibm.com/support/pages/node/7142038
• CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2023-47162 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47162
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/270973
• https://www.ibm.com/support/pages/node/7142038
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46182 – IBM Secure Proxy cross-site scripting
https://notcve.org/view.php?id=CVE-2023-46182
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/269692
• https://www.ibm.com/support/pages/node/7142038
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22346 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-22346
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/280203
• https://www.ibm.com/support/pages/node/7140499
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-427: Uncontrolled Search Path Element
CVE-2024-27265 – IBM Integration Bus for z/OS cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-27265
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/284564
• https://www.ibm.com/support/pages/node/7140678
• CWE-352: Cross-Site Request Forgery (CSRF)