CVE-2023-40378 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40378
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263584 https://www.ibm.com/support/pages/node/7047240 • CWE-269: Improper Privilege Management
CVE-2023-30994 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2023-30994
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254138 https://www.ibm.com/support/pages/node/7049133 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-40367 – IBM QRadar SIEM cross-site scripting
https://notcve.org/view.php?id=CVE-2023-40367
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263376 https://www.ibm.com/support/pages/node/7049133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45176 – IBM App Connect Enterprise and IBM Integration Bus denial of service
https://notcve.org/view.php?id=CVE-2023-45176
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267998 https://www.ibm.com/support/pages/node/7051448 • CWE-20: Improper Input Validation
CVE-2022-43868 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2022-43868
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239445 https://www.ibm.com/support/pages/node/7028513 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor