CVE-2024-22320 – IBM Operational Decision Manager code execution
https://notcve.org/view.php?id=CVE-2024-22320
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. IBM Operational Decision Manager versions 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 https://www.ibm.com/support/pages/node/7112382 • CWE-502: Deserialization of Untrusted Data
CVE-2024-22319 – IBM Operational Decision Manager JNDI injection
https://notcve.org/view.php?id=CVE-2024-22319
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 and 8.12.0.1 could allow a remote attacker to perform an LDAP injection. By sending a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 https://www.ibm.com/support/pages/node/7112382 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-32333 – IBM Maximo Asset Management improper access control
https://notcve.org/view.php?id=CVE-2023-32333
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 https://www.ibm.com/support/pages/node/7112388 • CWE-284: Improper Access Control
CVE-2023-50962 – IBM PowerSC information disclosure
https://notcve.org/view.php?id=CVE-2023-50962
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. • https://exchange.xforce.ibmcloud.com/vulnerabilities/276004 https://www.ibm.com/support/pages/node/7113759 • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-50328 – IBM PowerSC information disclosure
https://notcve.org/view.php?id=CVE-2023-50328
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275110 https://www.ibm.com/support/pages/node/7113759 • CWE-598: Use of GET Request Method With Sensitive Query Strings • CWE-668: Exposure of Resource to Wrong Sphere