CVE-2024-22317 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-22317
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/279143 https://www.ibm.com/support/pages/node/7108661
• CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2023-50950 – IBM QRadar information disclosure
https://notcve.org/view.php?id=CVE-2023-50950
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/275709 https://www.ibm.com/support/pages/node/7108657
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38267 – IBM Security Access Manager Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-38267
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/260584 https://www.ibm.com/support/pages/node/7106586
• CWE-311: Missing Encryption of Sensitive Data
CVE-2023-31001 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-31001
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/254653 https://www.ibm.com/support/pages/node/7106586
• CWE-257: Storing Passwords in a Recoverable Format
CVE-2023-31003 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31003
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/254658 https://www.ibm.com/support/pages/node/7106586
• CWE-59: Improper Link Resolution Before File Access ('Link Following')