CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27545 – IBM Watson CloudPak for Data Data Stores information disclosure
https://notcve.org/view.php?id=CVE-2023-27545
IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947. La divulgación de información de IBM Watson CloudPak for Data Data Stores 4.6.0 permite que las páginas web se almacenen localmente y que otro usuario del sistema pueda leerlas. ID de IBM X-Force: 248947. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248947 https://www.ibm.com/support/pages/node/6965446 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38372 – IBM Watson IoT Platform information disclosure
https://notcve.org/view.php?id=CVE-2023-38372
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201. Un atacante no autorizado que haya obtenido un token de autenticación de seguridad de IBM Watson IoT Platform 1.0 puede utilizarlo para hacerse pasar por un usuario de plataforma autorizado. ID de IBM X-Force: 261201. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261201 https://www.ibm.com/support/pages/node/7020635 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50303 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50303
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333. IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273333 https://www.ibm.com/support/pages/node/7116120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32344 – IBM Cognos Analytics cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-32344
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898. IBM Cognos Analytics 11.1.7, 11.2.4 y 12.0.0 es vulnerable al secuestro de acciones de formulario, donde es posible modificar la acción de formulario para hacer referencia a una ruta arbitraria. ID de IBM X-Force: 255898. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255898 https://security.netapp.com/advisory/ntap-20240405-0002 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.ibm.com/support/pages/node/7123154 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38359 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2023-38359
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744. IBM Cognos Analytics 11.1.7, 11.2.4 y 12.0.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260744 https://security.netapp.com/advisory/ntap-20240405-0003 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.ibm.com/support/pages/node/7123154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •