CVE-2022-33167 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 https://www.ibm.com/support/pages/node/7161469 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVE-2024-5486 – Authenticated Sensitive Information Disclosure in ClearPass Policy Manager
https://notcve.org/view.php?id=CVE-2024-5486
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04675en_us&docLocale=en_US •
CVE-2024-41944 – Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report
https://notcve.org/view.php?id=CVE-2024-41944
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/c60cfd8727da77b9db10297148eadd697ebec353.patch https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-v6q4-h869-gm3r https://xibosignage.com/blog/security-advisory-2024-07 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-41804 – Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Column Formula
https://notcve.org/view.php?id=CVE-2024-41804
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. • https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3f08831b0004aa2015bd8a753bc567f.patch https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-4pp3-4mw7-qfwr https://xibosignage.com/blog/security-advisory-2024-07 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-41802 – Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Data Import
https://notcve.org/view.php?id=CVE-2024-41802
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue • https://github.com/xibosignage/xibo-cms/commit/b7a5899338cd841a39702e3fcaff76aa0ffe4075 https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-x4qm-vvhp-g7c2 https://xibosignage.com/blog/security-advisory-2024-07 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •