CVE-2023-35906 – IBM Aspera Faspex security bypass
https://notcve.org/view.php?id=CVE-2023-35906
IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259649 https://www.ibm.com/support/pages/node/7029681 • CWE-291: Reliance on IP Address for Authentication CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •
CVE-2023-22870 – IBM Aspera Faspex information disclosure
https://notcve.org/view.php?id=CVE-2023-22870
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext, which could be obtained by an attacker using man-in-the-middle techniques. IBM X-Force ID: 244121. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 https://www.ibm.com/support/pages/node/7029681 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-29261 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-29261
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252139 https://www.ibm.com/support/pages/node/7029765 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2023-32338 – IBM Sterling Secure Proxy information disclosure
https://notcve.org/view.php?id=CVE-2023-32338
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 store user credentials in clear text, which can be read by a local user with container access. IBM X-Force ID: 255585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255585 https://www.ibm.com/support/pages/node/7029765 https://www.ibm.com/support/pages/node/7029766 • CWE-522: Insufficiently Protected Credentials •
CVE-2022-43903 – IBM Security Guardium denial of service
https://notcve.org/view.php?id=CVE-2022-43903
IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240894 https://www.ibm.com/support/pages/node/7030110 • CWE-20: Improper Input Validation •