CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22484
https://notcve.org/view.php?id=CVE-2022-22484
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322. IBM Spectrum Protect Operations Center versiones 8.1.12 y 8.1.13, podría permitir a un atacante local obtener información confidencial, causada por las contraseñas de cuentas de usuario en texto plano potencialmente almacenadas en el historial de comandos de la aplicación del navegador. Al acceder al historial del navegador, un atacante podría explotar esta vulnerabilidad para obtener las contraseñas de otras cuentas de usuario. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226322 https://www.ibm.com/support/pages/node/6586314 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22394
https://notcve.org/view.php?id=CVE-2022-22394
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. El servidor IBM Spectrum Protect versión 8.1.14.000, podría permitir a un atacante remoto omitir las restricciones de seguridad, causado por la aplicación inapropiada de los controles de acceso. Al iniciar sesión, un atacante podría explotar esta vulnerabilidad para omitir la seguridad y conseguir acceso no autorizado de administrador o de nodo al servidor vulnerable • https://exchange.xforce.ibmcloud.com/vulnerabilities/222147 https://www.ibm.com/support/pages/node/6564745 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22348
https://notcve.org/view.php?id=CVE-2022-22348
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.13.xxx, es vulnerable un tabnabbing inverso, que podría permitir reescribir una página enlazada desde Operations Center. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220139 https://www.ibm.com/support/pages/node/6562855 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22346
https://notcve.org/view.php?id=CVE-2022-22346
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.13.xxx, es vulnerable a una vulnerabilidad de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario del que el sitio web confía. IBM X-Force ID: 220048 • https://exchange.xforce.ibmcloud.com/vulnerabilities/220048 https://www.ibm.com/support/pages/node/6562855 • CWE-352: Cross-Site Request Forgery (CSRF) •