CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-30223
https://notcve.org/view.php?id=CVE-2023-30223
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. • https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure https://packetstormsecurity.com https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32757 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-32757
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto forzar las credenciales de las cuentas. ID de IBM X-Force: 228510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228510 https://www.ibm.com/support/pages/node/7001693 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33159 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33159
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 almacena las credenciales de usuario en texto sin formato que puede leer un usuario autenticado. ID de IBM X-Force: 228567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228567 https://www.ibm.com/support/pages/node/7001693 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33163 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33163
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571. IBM Security Directory Suite VA v8.0.1 especifica permisos para un recurso crítico para la seguridad de una forma que permite que dicho recurso sea leído o modificado por actores no deseados. ID de IBM X-Force: 228571. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228571 https://www.ibm.com/support/pages/node/7001885 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25683 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2023-25683
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247592 https://www.ibm.com/support/pages/node/7002721 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •