CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22361 – IBM Semeru Runtime information disclosure
https://notcve.org/view.php?id=CVE-2024-22361
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. IBM Semeru Runtime 8.0.302.0 a 8.0.392.0, 11.0.12.0 a 11.0.21.0, 17.0.1.0 - 17.0.9.0 y 21.0.1.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 281222. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281222 https://www.ibm.com/support/pages/node/7116431 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42016 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-42016
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.3 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265559 https://www.ibm.com/support/pages/node/7116083 • CWE-319: Cleartext Transmission of Sensitive Information CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32341 – IBM Sterling B2B Integrator denial of service
https://notcve.org/view.php?id=CVE-2023-32341
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. IBM Sterling B2B Integrator 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.3 podría permitir que un usuario autenticado provoque una denegación de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 255827. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255827 https://www.ibm.com/support/pages/node/7116081 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22332 – IBM Integration Bus for z/OS denial of service
https://notcve.org/view.php?id=CVE-2024-22332
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. IBM Integration Bus para z/OS 10.1 a 10.1.0.2 AdminAPI es vulnerable a una denegación de servicio debido al agotamiento del sistema de archivos. ID de IBM X-Force: 279972. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279972 https://https://www.ibm.com/support/pages/node/7116046 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45191 – IBM Engineering Lifecycle Optimization information disclosure
https://notcve.org/view.php?id=CVE-2023-45191
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 https://www.ibm.com/support/pages/node/7116045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •