CVE-2023-33850 – IBM GSKit-Crypto information disclosure
https://notcve.org/view.php?id=CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 https://www.ibm.com/support/pages/node/7010369 https://www.ibm.com/support/pages/node/7022413 https://www.ibm.com/support/pages/node/7022414 • CWE-203: Observable Discrepancy •
CVE-2023-38741 – IBM TXSeries for Multiplatforms denial of service
https://notcve.org/view.php?id=CVE-2023-38741
IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262905 https://www.ibm.com/support/pages/node/7025476 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 https://www.ibm.com/support/pages/node/7007421 https://www.ibm.com/support/pages/node/7007731 • CWE-20: Improper Input Validation •
CVE-2021-38933 – IBM Sterling Connect:Express for UNIX information disclosure
https://notcve.org/view.php?id=CVE-2021-38933
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210574 https://www.ibm.com/support/pages/node/7010925 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-29260 – IBM Sterling Connect:Express for UNIX server-side request forgery
https://notcve.org/view.php?id=CVE-2023-29260
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252135 https://www.ibm.com/support/pages/node/7010923 • CWE-918: Server-Side Request Forgery (SSRF) •