CVE-2023-29260 – IBM Sterling Connect:Express for UNIX server-side request forgery
https://notcve.org/view.php?id=CVE-2023-29260
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252135 https://www.ibm.com/support/pages/node/7010923 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-29259 – IBM Sterling Connect:Express for UNIX information disclosure
https://notcve.org/view.php?id=CVE-2023-29259
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252055 https://www.ibm.com/support/pages/node/7010921
CVE-2023-22023
https://notcve.org/view.php?id=CVE-2023-22023
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. • https://www.oracle.com/security-alerts/cpujul2023.html • CWE-269: Improper Privilege Management
CVE-2022-4146 – EL Injection Vulnerability in Hitachi Replication Manager
https://notcve.org/view.php?id=CVE-2022-4146
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Replication Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-123/index.html • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2023-30442 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-30442
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253202 https://security.netapp.com/advisory/ntap-20230731-0007 https://www.ibm.com/support/pages/node/7010561 • CWE-20: Improper Input Validation