CVE-2023-42017 – IBM Planning Analytics file upload
https://notcve.org/view.php?id=CVE-2023-42017
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265567 https://www.ibm.com/support/pages/node/7096528 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-45165 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2023-45165
IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267963 https://www.ibm.com/support/pages/node/7100970 • CWE-20: Improper Input Validation
CVE-2023-35895 – IBM Informix JDBC code execution
https://notcve.org/view.php?id=CVE-2023-35895
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259116 https://www.ibm.com/support/pages/node/7099762 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-47707 – IBM Security Guardium Key Lifecycle Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47707
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271522 https://www.ibm.com/support/pages/node/7091157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47703 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2023-47703
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271197 https://www.ibm.com/support/pages/node/7091157 • CWE-209: Generation of Error Message Containing Sensitive Information