CVE-2023-40691 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40691
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264805 https://www.ibm.com/support/pages/node/7096365 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-47741 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2023-47741
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. • https://www.ibm.com/support/pages/node/7097785 https://www.ibm.com/support/pages/node/7097801 • CWE-522: Insufficiently Protected Credentials
CVE-2023-46177 – IBM MQ Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-46177
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 https://www.ibm.com/support/pages/node/7091235 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-45185 – IBM i Access Client Solutions code execution
https://notcve.org/view.php?id=CVE-2023-45185
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273. • https://github.com/afine-com/CVE-2023-45185 https://exchange.xforce.ibmcloud.com/vulnerabilities/268273 https://www.ibm.com/support/pages/node/7091942 • CWE-863: Incorrect Authorization
CVE-2023-45182 – IBM i Access Client Solutions information disclosure
https://notcve.org/view.php?id=CVE-2023-45182
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. • https://github.com/afine-com/CVE-2023-45182 https://exchange.xforce.ibmcloud.com/vulnerabilities/268265 https://www.ibm.com/support/pages/node/7091942 • CWE-922: Insecure Storage of Sensitive Information