CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43842 – IBM Aspera Console SQL injection
https://notcve.org/view.php?id=CVE-2022-43842
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079. IBM Aspera Console 3.4.0 a 3.4.2 es vulnerable a la inyección SQL. Un atacante remoto podría enviar declaraciones SQL especialmente diseñadas, que podrían permitirle ver, agregar, modificar o eliminar información en la base de datos back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239079 https://www.ibm.com/support/pages/node/7122632 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50955 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50955
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777. IBM InfoSphere Information Server 11.7 podría permitir que un usuario privilegiado autenticado obtenga la ruta absoluta de la instalación del servidor web, lo que podría ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 275777. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275777 https://www.ibm.com/support/pages/node/7116610 • CWE-36: Absolute Path Traversal •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33843 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-33843
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544. IBM InfoSphere Information Server 11.7 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256544 https://www.ibm.com/support/pages/node/7116607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50306 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2023-50306
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. IBM Common Licensing 9.0 podría permitir a un usuario local enumerar nombres de usuario debido a una discrepancia de respuesta observable. ID de IBM X-Force: 273337. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273337 https://www.ibm.com/support/pages/node/7120660 • CWE-204: Observable Response Discrepancy •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41737 – IBM Spectrum Scale security bypass
https://notcve.org/view.php?id=CVE-2022-41737
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811. IBM Storage Scale Container Native Storage Access 5.1.2.1 a 5.1.7.0 podría permitir a un atacante local iniciar conexiones desde un contenedor fuera del espacio de nombres actual. ID de IBM X-Force: 237811. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237811 https://www.ibm.com/support/pages/node/7095312 • CWE-287: Improper Authentication •