CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-22423
https://notcve.org/view.php?id=CVE-2022-22423
23 Sep 2022 — IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596. IBM Common Cryptographic Architecture (versiones CCA 5.x MTM para 4767 y CCA 7.x MTM para 4769) podría permitir a un usuario local causar una denegación de servicio debido a una comprobación de entrada inapropiada. IBM X-Force ID: 223596. • https://exchange.xforce.ibmcloud.com/vulnerabilities/223596 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-34336
https://notcve.org/view.php?id=CVE-2022-34336
13 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
09 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerable... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35643
https://notcve.org/view.php?id=CVE-2022-35643
29 Jul 2022 — IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. IBM PowerVM VIOS versión 3.1, podría permitir a un atacante remoto manipular la configuración del sistema o causar una denegación de servicio. IBM X-Force ID: 230956 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230956 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-22477
https://notcve.org/view.php?id=CVE-2022-22477
14 Jul 2022 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. IBM WebSphere Application Server versiones 8.5 y 9.0 es vulnerable al cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22473
https://notcve.org/view.php?id=CVE-2022-22473
14 Jul 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 podría permitir a un atacante remoto obtener información confidencial causada por un manejo inapropiado de los datos de la Consola Administrativa. Esta información podría usarse... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225347 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34358
https://notcve.org/view.php?id=CVE-2022-34358
13 Jul 2022 — IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516. IBM i versiones 7.2, 7.3, 7.4 y 7.5 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcional... • https://exchange.xforce.ibmcloud.com/vulnerabilities/230516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22495
https://notcve.org/view.php?id=CVE-2022-22495
24 May 2022 — IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. IBM i versiones 7.3, 7.4 y 7.5, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir al atacante visualizar, añadir, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226941 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22481
https://notcve.org/view.php?id=CVE-2022-22481
09 May 2022 — IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899. IBM Navigator para i versiones 7.2, 7.3 y 7.4 (versión de herencia), podría p... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225899 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-22310
https://notcve.org/view.php?id=CVE-2022-22310
19 Jan 2022 — IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. IBM WebSphere Application Server Liberty versiones 21.0.0.10 hasta 21.0.0.12, podría proporcionar una seguridad más débil de lo esperado. Un atacante remoto podría explotar esta debilidad para obtener información confidencial y conseguir acces... • https://exchange.xforce.ibmcloud.com/vulnerabilities/217224 •