CVE-2023-31305
https://notcve.org/view.php?id=CVE-2023-31305
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2024-40697 – IBM Common Licensing information disclosure
https://notcve.org/view.php?id=CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297895 https://www.ibm.com/support/pages/node/7165250 • CWE-521: Weak Password Requirements •
CVE-2024-41736 – Information Disclosure vulnerability in SAP Permit to Work
https://notcve.org/view.php?id=CVE-2024-41736
Under certain conditions, SAP Permit to Work allows an authenticated attacker to access information that would otherwise be restricted, causing low impact on the confidentiality of the application. • https://me.sap.com/notes/3475427 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-41737 – Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)
https://notcve.org/view.php?id=CVE-2024-41737
On successful exploitation this can result in information disclosure. • https://me.sap.com/notes/3487537 https://url.sap/sapsecuritypatchday • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-41733 – Information Disclosure Vulnerability in SAP Commerce
https://notcve.org/view.php?id=CVE-2024-41733
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality is therefore low, and there is no impact on integrity or availability. • https://me.sap.com/notes/3471450 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •