CVE-2023-45166 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-45166
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267964 • https://www.ibm.com/support/pages/node/7095022
CVE-2023-49878 – IBM System Storage Virtualization Engine information disclosure
https://notcve.org/view.php?id=CVE-2023-49878
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272652 • https://www.ibm.com/support/pages/node/7092383 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2023-49877 – IBM System Storage Virtualization Engine information disclosure
https://notcve.org/view.php?id=CVE-2023-49877
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272651 • https://www.ibm.com/support/pages/node/7092383 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-47722 – IBM API Connect information disclosure
https://notcve.org/view.php?id=CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 store user credentials in the browser cache, which can be read by a local user. IBM X-Force ID: 271912. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271912 • https://www.ibm.com/support/pages/node/7087806 • CWE-522: Insufficiently Protected Credentials
CVE-2023-28523 – IBM Informix Dynamic Server buffer overflow
https://notcve.org/view.php?id=CVE-2023-28523
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250753 • https://www.ibm.com/support/pages/node/7070188 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write