CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42012 – IBM UrbanCode Deploy denial of service
https://notcve.org/view.php?id=CVE-2023-42012
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. IBM UrbanCode Deploy Agent 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 instalado como un servicio de Windows en una ubicación no estándar podría estar sujeto a un ataque de denegación de servicio por parte de cuentas locales. ID de IBM X-Force: 265509. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265509 https://www.ibm.com/support/pages/node/7096548 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42013 – IBM UrbanCode Deploy information disclosure
https://notcve.org/view.php?id=CVE-2023-42013
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265510 https://www.ibm.com/support/pages/node/7096547 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45172 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2023-45172
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970. IBM AIX 7.2, 7.3 y VIOS 3.1 podrían permitir que un usuario local sin privilegios aproveche una vulnerabilidad en Windows AIX para provocar una denegación de servicio. ID de IBM X-Force: 267970. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267970 https://www.ibm.com/support/pages/node/7099314 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-47146 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2023-47146
IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372. IBM Qradar SIEM 7.5 podría permitir a un usuario privilegiado obtener información confidencial del dominio debido a una identificación errónea de los datos. ID de IBM X-Force: 270372. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270372 https://https://www.ibm.com/support/pages/node/7099297 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42015 – IBM UrbanCode Deploy HTML injection
https://notcve.org/view.php?id=CVE-2023-42015
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podría provocar la divulgación de información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 https://www.ibm.com/support/pages/node/7096546 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •