CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35006 – IBM Security ReaQta HTML injection
https://notcve.org/view.php?id=CVE-2023-35006
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 297165. IBM Security QRadar EDR 3.12 es vulnerable a la inyección de HTML. Un atacante remoto podría inyectar código HTML malicioso que, una vez visto, se ejecutaría en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamiento. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297165 https://www.ibm.com/support/pages/node/7159770 •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25023 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-25023
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.22.0 almacenan información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 281429. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281429 https://www.ibm.com/support/pages/node/7159768 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 70EXPL: 0CVE-2024-37528 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-37528
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1 y 23.0.2 son vulnerables a Cross Site Scripting. Esta vulnerabilidad permite a un usuario privilegiado incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294293 https://www.ibm.com/support/pages/node/7159332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 70EXPL: 0CVE-2024-31897 – IBM Cloud Pak for Business Automation server-side request forgery
https://notcve.org/view.php?id=CVE-2024-31897
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1 y 23.0.2 vulnerables a Server Side Request Forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288178 https://www.ibm.com/support/pages/node/7159332 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38330 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-38330
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. IBM System Management para i 7.2, 7.3 y 7.4 podría permitir que un usuario local obtenga privilegios elevados debido a una llamada no calificada a un programa de librería. Un actor malintencionado podría provocar que el código controlado por el usuario se ejecute con privilegios de administrador. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295227 https://www.ibm.com/support/pages/node/7159615 • CWE-427: Uncontrolled Search Path Element •