CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38735 – IBM Cognos Dashboards improper authentication
https://notcve.org/view.php?id=CVE-2023-38735
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482. IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 podría permitir a un atacante remoto omitir las restricciones de seguridad, causadas por una falla de tabulación inversa. Un atacante podría aprovechar esta vulnerabilidad y redirigir a la víctima a un sitio de phishing. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262482 https://www.ibm.com/support/pages/node/7031207 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38276 – IBM Cognos Dashboards information disclosure
https://notcve.org/view.php?id=CVE-2023-38276
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 expone información confidencial en variables de entorno que podrían ayudar en futuros ataques contra el system. ID de IBM X-Force: 260736. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260736 https://www.ibm.com/support/pages/node/7031207 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38275 – IBM Cognos Dashboards information disclosure
https://notcve.org/view.php?id=CVE-2023-38275
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 expone información confidencial en imágenes de contenedores que podrían provocar más ataques contra el system. ID de IBM X-Force: 260730. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260735 https://www.ibm.com/support/pages/node/7031207 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43891 – IBM Security Verify Privilege information disclosure
https://notcve.org/view.php?id=CVE-2022-43891
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454. IBM Security Verify Privilege On-Premises 11.5 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el System. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240454 https://www.ibm.com/support/pages/node/7047202 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43892 – IBM Security Verify Privilege information disclosure
https://notcve.org/view.php?id=CVE-2022-43892
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455. IBM Security Verify Privilege On-Premises 11.5 no valida, o valida incorrectamente, un certificado que podría revelar información confidencial que podría contribuir a futuros ataques contra el System. ID de IBM X-Force: 240455. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240455 https://www.ibm.com/support/pages/node/7047202 • CWE-295: Improper Certificate Validation •