CVE-2023-38020 – IBM SOAR QRadar Plugin App log injection
https://notcve.org/view.php?id=CVE-2023-38020
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260576 https://www.ibm.com/support/pages/node/7111679 • CWE-117: Improper Output Neutralization for Logs
CVE-2023-38019 – IBM SOAR QRadar Plugin App directory traversal
https://notcve.org/view.php?id=CVE-2023-38019
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260575 https://www.ibm.com/support/pages/node/7111679 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-38263 – IBM SOAR QRadar Plugin App improper access controls
https://notcve.org/view.php?id=CVE-2023-38263
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260577 https://www.ibm.com/support/pages/node/7111679 • CWE-284: Improper Access Control
CVE-2022-40744 – IBM Aspera Faspex cross-site scripting
https://notcve.org/view.php?id=CVE-2022-40744
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 https://www.ibm.com/support/pages/node/7111778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46159 – IBM Storage Ceph denial of service
https://notcve.org/view.php?id=CVE-2023-46159
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. A flaw was found in Ceph. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268906 https://www.ibm.com/support/pages/node/7112263 https://access.redhat.com/security/cve/CVE-2023-46159 https://bugzilla.redhat.com/show_bug.cgi?id=2215374 • CWE-20: Improper Input Validation