CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43906 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2022-43906
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. IBM Security Guardium 11.5 podría revelar información confidencial debido a un atributo SameSite faltante o inseguro para una cookie confidencial. ID de IBM X-Force: 240897. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240897 https://https://www.ibm.com/support/pages/node/7038019 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40376 – IBM UrbanCode Deploy (UCD) improper authentication controls
https://notcve.org/view.php?id=CVE-2023-40376
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. IBM UrbanCode Deploy (UCD) versiones 7.1 - 7.1.2.12, 7.2 a 7.2.3.5 y 7.3 a 7.3.2.0 en determinadas configuraciones podría permitir que un usuario autenticado realice cambios en las variables de entorno debido a controles de autenticación inadecuados. ID de IBM X-Force: 263581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 https://www.ibm.com/support/pages/node/7037230 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40684 – IBM Content Navigator cross-site scripting
https://notcve.org/view.php?id=CVE-2023-40684
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. IBM Content Navigator 3.0.11, 3.0.13 y 3.0.14 con IBM Daeja ViewOne Virtual es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264019 https://https://www.ibm.com/support/pages/node/7046226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37404 – IBM Observability with Instana code execution
https://notcve.org/view.php?id=CVE-2023-37404
IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. IBM Observability con Instana 1.0.243 a 1.0.254 podría permitir que un atacante en la red ejecute código arbitrario en el host después de un ataque exitoso de envenenamiento de DNS. ID de IBM X-Force: 259789. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259789 https://www.ibm.com/support/pages/node/7041863 •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35905 – IBM FileNet Content Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2023-35905
IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. IBM FileNet Content Manager 5.5.8, 5.5.10 y 5.5.11 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259384 https://www.ibm.com/support/pages/node/7014389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •