CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-46183 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2023-46183
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695. IBM PowerVM Hypervisor FW950.00 a FW950.90, FW1020.00 a FW1020.40 y FW1030.00 a FW1030.30 podrían permitir a un administrador del sistema obtener información confidencial de la partición. ID de IBM X-Force: 269695. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269695 https://www.ibm.com/support/pages/node/7114982 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33851 – IBM PowerVM Hypervisor information disclosure
https://notcve.org/view.php?id=CVE-2023-33851
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. IBM PowerVM Hypervisor FW950.00 a FW950.90, FW1020.00 a FW1020.40 y FW1030.00 a FW1030.30 podrían revelar datos de partición confidenciales a un administrador del sistema. ID de IBM X-Force: 257135. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257135 https://www.ibm.com/support/pages/node/7114491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 68EXPL: 0CVE-2023-50947 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50947
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. IBM Business Automation Workflow 22.0.2, 23.0.1 y 23.0.2 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275665 https://www.ibm.com/support/pages/node/7114419 https://www.ibm.com/support/pages/node/7114430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31006 – IBM Security Access Manager Container denial of service
https://notcve.org/view.php?id=CVE-2023-31006
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.0.0 a 10.0.6.1) es vulnerable a ataques de denegación de servicio en el servidor DSC. ID de IBM X-Force: 254776. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254776 https://www.ibm.com/support/pages/node/7106586 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31004 – IBM Security Access Manager Container gain access
https://notcve.org/view.php?id=CVE-2023-31004
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. IBM Security Access Manager Container (IBM Security Verify Access Appliance v10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker v10.0.0.0 a 10.0.6.1) podría permitir a un atacante remoto obtener acceso al sistema subyacente utilizando técnicas de intermediario. ID de IBM X-Force: 254765. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254765 https://www.ibm.com/support/pages/node/7106586 • CWE-300: Channel Accessible by Non-Endpoint •