CVSS: 3.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-33849 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-33849
07 Jun 2023 — IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257105 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-33848 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2023-33848
07 Jun 2023 — IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2023-32336 – IBM InfoSphere Information Server code execution
https://notcve.org/view.php?id=CVE-2023-32336
22 May 2023 — IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255285 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47984 – IBM InfoSphere Information Server SQL injection
https://notcve.org/view.php?id=CVE-2022-47984
19 May 2023 — IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22878 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-22878
19 May 2023 — IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244373 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28529 – IBM InfoSphere Information Server 11.7
https://notcve.org/view.php?id=CVE-2023-28529
19 May 2023 — IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/251213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-28950 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2023-28950
19 May 2023 — IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251358 •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2023-28514 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2023-28514
19 May 2023 — IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250398 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.4EPSS: 3%CPEs: 4EXPL: 1CVE-2023-28528 – IBM AIX command execution
https://notcve.org/view.php?id=CVE-2023-28528
28 Apr 2023 — IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. • https://packetstorm.news/files/id/172458 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26286 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-26286
26 Apr 2023 — IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248421 •