CVE-2022-22447 – IBM Disconnected Log Collector information disclosure
https://notcve.org/view.php?id=CVE-2022-22447
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. • https://exchange.xforce.ibmcloud.com/vulnerabilities/224648 https://www.ibm.com/support/pages/node/7042313 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-40375 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40375
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263580 https://www.ibm.com/support/pages/node/7038748 • CWE-269: Improper Privilege Management
CVE-2023-43044 – IBM License Metric Tool directory traversal
https://notcve.org/view.php?id=CVE-2023-43044
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266893 https://www.ibm.com/support/pages/node/7040605 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-38718 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38718
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261606 https://www.ibm.com/support/pages/node/7031619 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-37410 – IBM Personal Communications privilege escalation
https://notcve.org/view.php?id=CVE-2023-37410
IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260138 https://www.ibm.com/support/pages/node/7031707