CVE-2023-42010 – IBM Sterling B2B Integrator Standard Edition information disclosure
https://notcve.org/view.php?id=CVE-2023-42010
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.2 podría revelar información confidencial en la respuesta HTTP utilizando técnicas de intermediario. ID de IBM X-Force: 265507. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265507 https://www.ibm.com/support/pages/node/7160433 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2022-35640 – IBM Sterling Partner Engagement Manager information disclosure
https://notcve.org/view.php?id=CVE-2022-35640
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230933 https://www.ibm.com/support/pages/node/7160300 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-40690 – IBM InfoSphere Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-40690
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720. IBM InfoSphere Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a un usuario autenticado incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297720 https://www.ibm.com/support/pages/node/7160103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-33860 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2023-33860
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702. IBM Security QRadar EDR 3.12 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257702 https://www.ibm.com/support/pages/node/7159770 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVE-2023-33859 – IBM Security ReaQta information disclosure
https://notcve.org/view.php?id=CVE-2023-33859
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697. IBM Security QRadar EDR 3.12 podría revelar información confidencial debido a una discrepancia observable en la respuesta de inicio de sesión. ID de IBM X-Force: 257697. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257697 https://www.ibm.com/support/pages/node/7159770 • CWE-204: Observable Response Discrepancy •