CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38280 – IBM Power HMC privilege escalation
https://notcve.org/view.php?id=CVE-2023-38280
IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. IBM HMC (Hardware Management Console) 10.1.1010.0 y 10.2.1030.0 podría permitir a un usuario local escalar sus privilegios al acceso root en un shell restringido. ID de IBM X-Force: 260740. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260740 https://www.ibm.com/support/pages/node/7047713 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40377 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40377
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583. Backup, Recovery, and Media Services (BRMS) para IBM i 7.2, 7.3 y 7.4 contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la línea de comandos del sistema operativo host puede elevar los privilegios para obtener acceso a los componentes del sistema operativo host. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263583 https://www.ibm.com/support/pages/node/7048121 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33836 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33836
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. IBM Security Verify Governance 10.0 contiene credenciales codificadas, como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 256016. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/256016 https://www.ibm.com/support/pages/node/7047640 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35018 – IBM Security Verify Governance file upload
https://notcve.org/view.php?id=CVE-2023-35018
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. IBM Security Verify Governance 10.0 podría permitir un uso privilegiado para cargar archivos arbitrarios debido a una validación de archivos incorrecta. ID de IBM X-Force: 259382. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259382 https://www.ibm.com/support/pages/node/7050358 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35013 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-35013
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. IBM Security Verify Governance 10.0, Identity Manager podría permitir que un usuario privilegiado local obtenga información confidencial del código fuente. ID de IBM X-Force: 257769. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257769 https://www.ibm.com/support/pages/node/7050358 • CWE-540: Inclusion of Sensitive Information in Source Code CWE-668: Exposure of Resource to Wrong Sphere •