CVE-2023-35011 – IBM Cognos Analytics server-side request forgery
https://notcve.org/view.php?id=CVE-2023-35011
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257705 https://security.netapp.com/advisory/ntap-20230921-0005 https://security.netapp.com/advisory/ntap-20240621-0005 https://www.ibm.com/support/pages/node/7026692 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-35009 – IBM Cognos Analytics information disclosure
https://notcve.org/view.php?id=CVE-2023-35009
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication. This information could be used in reconnaissance for future attacks. IBM X-Force ID: 257703. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257703 https://security.netapp.com/advisory/ntap-20230831-0014 https://security.netapp.com/advisory/ntap-20240621-0005 https://www.ibm.com/support/pages/node/7026692 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2023-35893 – IBM Security Guardium command execution
https://notcve.org/view.php?id=CVE-2023-35893
IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258824 https://www.ibm.com/support/pages/node/7027853 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-38737 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2023-38737
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262567 https://www.ibm.com/support/pages/node/7027509 • CWE-20: Improper Input Validation • CWE-400: Uncontrolled Resource Consumption
CVE-2023-38721 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-38721
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262173 https://www.ibm.com/support/pages/node/7023423 • CWE-269: Improper Privilege Management