CVE-2023-24959 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-24959
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246332 https://www.ibm.com/support/pages/node/6988615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-23473 – IBM InfoSphere Information Server cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-23473
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245400 https://www.ibm.com/support/pages/node/6988169 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-22877 – IBM InfoSphere Information Server CSV injection
https://notcve.org/view.php?id=CVE-2023-22877
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244368 https://www.ibm.com/support/pages/node/6988623 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2023-26270 – IBM Security Guardium Data Encryption code execution
https://notcve.org/view.php?id=CVE-2023-26270
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to execute arbitrary code on the system, caused by an Angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248119 https://www.ibm.com/support/pages/node/6995161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-26271 – IBM Security Guardium Data Encryption information disclosure
https://notcve.org/view.php?id=CVE-2023-26271
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248126 https://www.ibm.com/support/pages/node/6995161 • CWE-307: Improper Restriction of Excessive Authentication Attempts