CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4065 – Operator: plaintext password in operator log
https://notcve.org/view.php?id=CVE-2023-4065
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. Se encontró una falla en Red Hat AMQ Broker Operador, donde mostraba una contraseña definida en ActiveMQArtemisAddress CR, que se muestra en texto plano en el Registro del Operador. Esta falla permite que un atacante local autenticado acceda a información fuera de sus permisos. • https://access.redhat.com/errata/RHSA-2023:4720 https://access.redhat.com/security/cve/CVE-2023-4065 https://bugzilla.redhat.com/show_bug.cgi?id=2224630 • CWE-117: Improper Output Neutralization for Logs CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4066 – Operator: passwords defined in secrets shown in statefulset yaml
https://notcve.org/view.php?id=CVE-2023-4066
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. Se encontró una falla en AMQ Broker de Red Hat, que almacena ciertas contraseñas en un módulo secreto de propiedades de seguridad definido en ActivemqArtemisSecurity CR; sin embargo, se muestran en texto plano en el yaml de detalles de StatefulSet de AMQ Broker. • https://access.redhat.com/errata/RHSA-2023:4720 https://access.redhat.com/security/cve/CVE-2023-4066 https://bugzilla.redhat.com/show_bug.cgi?id=2224677 • CWE-312: Cleartext Storage of Sensitive Information CWE-313: Cleartext Storage in a File or on Disk •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40370 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40370
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 https://www.ibm.com/support/pages/node/7028218 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38733 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38733
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 https://www.ibm.com/support/pages/node/7028223 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38734 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-38734
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262481 https://www.ibm.com/support/pages/node/7028227 • CWE-269: Improper Privilege Management •