CVE-2023-38733 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38733
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 https://www.ibm.com/support/pages/node/7028223 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-33850 – IBM GSKit-Crypto information disclosure
https://notcve.org/view.php?id=CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 https://www.ibm.com/support/pages/node/7010369 https://www.ibm.com/support/pages/node/7022413 https://www.ibm.com/support/pages/node/7022414 • CWE-203: Observable Discrepancy •
CVE-2023-37440 – Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure
https://notcve.org/view.php?id=CVE-2023-37440
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-44729 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44729
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. ... This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure. • http://www.openwall.com/lists/oss-security/2023/08/22/2 http://www.openwall.com/lists/oss-security/2023/08/22/4 https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://security.gentoo.org/glsa/202401-11 https://xmlgraphics.apache.org/security.html https://access.redhat.com/security/cve/CVE-2022-44729 https://bugzilla.redhat.com/show_bug.cgi?id=2233889 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-44730 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as a parameter to a URL. A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as a parameter to a URL. This issue can allow an attacker to conduct SSRF attacks. • http://www.openwall.com/lists/oss-security/2023/08/22/3 http://www.openwall.com/lists/oss-security/2023/08/22/5 https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://security.gentoo.org/glsa/202401-11 https://xmlgraphics.apache.org/security.html https://access.redhat.com/security/cve/CVE-2022-44730 https://bugzilla.redhat.com/show_bug.cgi?id=2233899 • CWE-918: Server-Side Request Forgery (SSRF) •