CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24965 – IBM Aspera Faspex improper access control
https://notcve.org/view.php?id=CVE-2023-24965
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. IBM Aspera Faspex 5.0.5 no restringe ni restringe incorrectamente el acceso a un recurso de un actor no autorizado. ID de IBM X-Force: 246713. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246713 https://www.ibm.com/support/pages/node/7029681 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22405 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2022-22405
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. IBM Aspera Faspex 5.0.5 podría permitir a un atacante remoto obtener información confidencial, causada por el error al habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información sensbile mediante técnicas de man-in-the-middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222576 https://www.ibm.com/support/pages/node/7029681 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33164 – IBM Security Directory Server path traversal
https://notcve.org/view.php?id=CVE-2022-33164
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. IBM Security Directory Server 7.2.0 podría permitir a un atacante remoto recorrer directorios del sistema. Un atacante podría enviar una solicitud de dirección URL especialmente manipulada que contuviera secuencias "dot dot" (/.. /) para ver o escribir en archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228579 https://www.ibm.com/support/pages/node/7031021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32332 – IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection
https://notcve.org/view.php?id=CVE-2023-32332
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. IBM Maximo Application Suite en versiones 8.9 y 8.10 e IBM Maximo Asset Management en versiones 7.6.1.2 y 7.6.1.3 son vulnerables a la inyección HTML. Un atacante remoto podría inyectar código HTML malicioso, que cuando se detecta, se ejecutaría en el navegador web de la víctima dentro del contexto de seguridad del sitio de hosting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 https://www.ibm.com/support/pages/node/7030367 https://www.ibm.com/support/pages/node/7030926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38736 – IBM QRadar WinCollect Agent privilege escalation
https://notcve.org/view.php?id=CVE-2023-38736
IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542. IBM QRadar WinCollect Agent 10.0 a 10.1.6, cuando se instala para ejecutarse como ADMIN o SYSTEM, es vulnerable a una escalada local de ataque de privilegios que un usuario normal podría utilizar para obtener permisos de SYSTEM. ID de IBM X-Force: 262542. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262542 https://www.ibm.com/support/pages/node/7030703 •