CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35892 – IBM Financial Transaction Manager for SWIFT Services XML external entity injection
https://notcve.org/view.php?id=CVE-2023-35892
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. IBM Financial Transaction Manager for SWIFT Services v3.2.4 es vulnerable a un ataque de Inyección de Entidad Externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258786 https://www.ibm.com/support/pages/node/7030359 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33835 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2023-33835
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015. IBM Security Verify Information Queue v10.0.4 y v10.0.5 podría permitir a un atacante remoto obtener información sensible que podría ayudar en futuros ataques contra el sistema. IBM X-Force ID: 256015. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256015 https://www.ibm.com/support/pages/node/7029584 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33834 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2023-33834
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014. IBM Security Verify Information Queue v10.0.4 y v10.0.5 podría permitir a un atacante remoto obtener información sensible que podría ayudar en futuros ataques contra el sistema. IBM X-force ID: 256014. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256014 https://www.ibm.com/support/pages/node/7029584 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33833 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2023-33833
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013. IBM Security Verify Information Queue v10.0.4 y v10.0.5 almacena información confidencial en texto claro que puede ser leída por un usuario local. IBM X-Force ID: 256013. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256013 https://www.ibm.com/support/pages/node/7029584 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 103EXPL: 0CVE-2023-1995 – Insufficient Logging Vulnerability in HiRDB
https://notcve.org/view.php?id=CVE-2023-1995
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02. Vulnerabilidad de registro insuficiente en Hitachi HiRDB Server, HiRDB Server con función adicional, HiRDB Structured Data Access Facility. Este problema afecta al servidor HiRDB: antes del 09-60-39, antes del 09-65-23, antes del 09-66-17, antes del 10- 01-10, antes del 10-03-12, antes del 10-04-06, antes del 10-05-06, antes del 10-06-02; Servidor HiRDB con función adicional: antes de 09-60-2M, antes de 09-65-/W, antes de 09-66-/Q; Instalación de acceso a datos estructurados de HiRDB: antes del 60-09-39, antes del 03-10-12, antes del 04-10-06, antes del 06-10-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-133/index.html • CWE-778: Insufficient Logging •