CVE-2023-32337 – IBM Maximo Spatial Asset Management server-side request forgery
https://notcve.org/view.php?id=CVE-2023-32337
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 https://www.ibm.com/support/pages/node/7107712 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-47718 – IBM Maximo Asset Management cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-47718
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 https://www.ibm.com/support/pages/node/7107738 https://www.ibm.com/support/pages/node/7107740 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-35020 – IBM Sterling Control Center directory traversal
https://notcve.org/view.php?id=CVE-2023-35020
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257874 https://www.ibm.com/support/pages/node/7107788 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-40683 – IBM OpenPages with Watson privilege escalation
https://notcve.org/view.php?id=CVE-2023-40683
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 https://www.ibm.com/support/pages/node/7107774 • CWE-264: Permissions, Privileges, and Access Controls • CWE-285: Improper Authorization
CVE-2023-38738 – IBM OpenPages with Watson information disclosure
https://notcve.org/view.php?id=CVE-2023-38738
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 https://www.ibm.com/support/pages/node/7107775 • CWE-257: Storing Passwords in a Recoverable Format