CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36777 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2022-36777
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665. IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.16.0 podrían permitir a un usuario autenticado obtener información confidencial de la versión que podría ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 233665. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233665 https://www.ibm.com/support/pages/node/7080058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35638 – IBM Sterling B2B Integrator cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-35638
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.1 es vulnerable a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 230824. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230824 https://www.ibm.com/support/pages/node/7080104 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38361 – IBM CICS TX Advanced information disclosure
https://notcve.org/view.php?id=CVE-2023-38361
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. IBM CICS TX Advanced 10.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 260770. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260770 https://www.ibm.com/support/pages/node/7066431 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40363 – IBM InfoSphere Information Server privilege escalation
https://notcve.org/view.php?id=CVE-2023-40363
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. IBM InfoSphere Information Server 11.7 podría permitir a un usuario autenticado cambiar los archivos de instalación debido a una configuración incorrecta de permisos de archivos. ID de IBM X-Force: 263332. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263332 https://www.ibm.com/support/pages/node/7070742 • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38364 – IBM CICS TX Advanced cross-site scripting
https://notcve.org/view.php?id=CVE-2023-38364
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821. IBM CICS TX Advanced 10.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260821 https://www.ibm.com/support/pages/node/7066429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •