CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-1602
https://notcve.org/view.php?id=CVE-2022-1602
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. Se ha identificado una posible vulnerabilidad de seguridad en HP ThinPro versión 7.2 Service Pack 8 (SP8). La vulnerabilidad de seguridad en el SP8 no es mitigada después de actualizar del SP8 al Service Pack 9 (SP9). • https://support.hp.com/us-en/document/ish_6415074-6415171-16/hpsbhf03789 •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerables a una inyección de encabezados HTTP, causada por una comprobación inapropiada. Esto podría permitir a un atacante conducir varios ataques contra el sistema vulnerable, incluyendo el envenenamiento de la caché y ataques de tipo cross-site scripting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 https://www.ibm.com/support/pages/node/6618747 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23678
https://notcve.org/view.php?id=CVE-2022-23678
A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability. Una vulnerabilidad en las comunicaciones del cliente Aruba Virtual Intranet Access (VIA) para el sistema operativo Microsoft Windows que podría permitir a un atacante en una posición de red privilegiada interceptar información confidencial en las versiones del cliente Aruba Virtual Intranet Access (VIA) para el sistema operativo Microsoft Windows: versiones 4.3.0 build 2208101 y posteriores. Aruba ha publicado actualizaciones para el cliente Virtual Intranet Access (VIA) que abordan esta vulnerabilidad de seguridad. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28625
https://notcve.org/view.php?id=CVE-2022-28625
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. Se ha detectado una vulnerabilidad de divulgación local de información confidencial HPE OneView: Versiones anteriores a 7.0 o 6.60.01. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04304en_us • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-39087
https://notcve.org/view.php?id=CVE-2021-39087
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4, y 6.1.1.0 hasta 6.1.1.1, podría permitir a un usuario autenticado obtener información confidencial debido a controles de permisos inapropiados. IBM X-Force ID: 216109. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216109 https://www.ibm.com/support/pages/node/6612541 • CWE-276: Incorrect Default Permissions •