CVE-2023-40686 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40686
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264114 https://www.ibm.com/support/pages/node/7060686 • CWE-269: Improper Privilege Management
CVE-2023-43041 – IBM QRadar information disclosure
https://notcve.org/view.php?id=CVE-2023-43041
IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266808 https://www.ibm.com/support/pages/node/7060803 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-46158 – IBM WebSphere Application Server session fixation
https://notcve.org/view.php?id=CVE-2023-46158
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 https://www.ibm.com/support/pages/node/7058356 • CWE-613: Insufficient Session Expiration
CVE-2023-42031 – IBM CICS TX denial of service
https://notcve.org/view.php?id=CVE-2023-42031
IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266061 https://www.ibm.com/support/pages/node/7056429 https://www.ibm.com/support/pages/node/7056433 • CWE-400: Uncontrolled Resource Consumption
CVE-2023-33837 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33837
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256020 https://www.ibm.com/support/pages/node/7057377 • CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information