CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40682 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2023-40682
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. IBM App Connect Enterprise versiones 12.0.1.0 a la 12.0.8.0 contiene una vulnerabilidad no especificada que podría permitir a un usuario local privilegiado obtener información confidencial de los registros de API. ID de IBM X-Force: 263833. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263833 https://www.ibm.com/support/pages/node/7051204 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33160 – IBM Security Directory Suite information disclosure
https://notcve.org/view.php?id=CVE-2022-33160
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. IBM Security Directory Suite 8.0.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 228568. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228568 https://www.ibm.com/support/pages/node/7047071 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34355 – IBM Jazz Foundation information disclosure
https://notcve.org/view.php?id=CVE-2022-34355
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2) podría revelar información confidencial de la versión a un usuario que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 230498. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230498 https://www.ibm.com/support/pages/node/7046995 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43058 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-43058
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 https://www.ibm.com/support/pages/node/7047017 •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35897 – IBM Spectrum Protect code execution
https://notcve.org/view.php?id=CVE-2023-35897
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. IBM Spectrum Protect Client e IBM Storage Protect for Virtual Environments 8.1.0.0 a 8.1.19.0 podrían permitir a un usuario local ejecutar código arbitrario en el sistema utilizando un archivo especialmente manipulado, causado por una falla de secuestro de DLL. ID de IBM X-Force: 259246. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259246 https://www.ibm.com/support/pages/node/7037299 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •