CVE-2023-42029 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42029
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries para multiplataformas 8.1, 8.2, 9.1 son vulnerables a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-42027 – IBM CICS TX cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-42027
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries for Multiplatforms 8.1, 8.2, 9.1 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 266057. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063664 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-42031 – IBM CICS TX denial of service
https://notcve.org/view.php?id=CVE-2023-42031
IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016. IBM TXSeries para multiplataformas, 8.1, 8.2 y 9.1, CICS TX Standard CICS TX Advanced 10.1 y 11.1 podría permitir que un usuario privilegiado provoque una Denegación de Servicio (DoS) debido al consumo incontrolado de recursos. ID de IBM X-Force: 266016. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266061 https://www.ibm.com/support/pages/node/7056429 https://www.ibm.com/support/pages/node/7056433 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-1995 – Insufficient Logging Vulnerability in HiRDB
https://notcve.org/view.php?id=CVE-2023-1995
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02. Vulnerabilidad de registro insuficiente en Hitachi HiRDB Server, HiRDB Server con función adicional, HiRDB Structured Data Access Facility. Este problema afecta al servidor HiRDB: antes del 09-60-39, antes del 09-65-23, antes del 09-66-17, antes del 10- 01-10, antes del 10-03-12, antes del 10-04-06, antes del 10-05-06, antes del 10-06-02; Servidor HiRDB con función adicional: antes de 09-60-2M, antes de 09-65-/W, antes de 09-66-/Q; Instalación de acceso a datos estructurados de HiRDB: antes del 60-09-39, antes del 03-10-12, antes del 04-10-06, antes del 06-10-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-133/index.html • CWE-778: Insufficient Logging •
CVE-2023-40371 – IBM AIX information disclosure
https://notcve.org/view.php?id=CVE-2023-40371
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263476 https://www.ibm.com/support/pages/node/7028420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •