CVE-2023-25687 – IBM Security Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2023-25687
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247602 https://www.ibm.com/support/pages/node/6962729 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-25689 – IBM Security Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2023-25689
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247618 https://www.ibm.com/support/pages/node/6962729 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27873 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-27873
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249654 https://www.ibm.com/support/pages/node/6964694 •
CVE-2023-27871 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-27871
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249613 https://www.ibm.com/support/pages/node/6964694 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-45124
https://notcve.org/view.php?id=CVE-2022-45124
An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •