CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-38741 – IBM TXSeries for Multiplatforms denial of service
https://notcve.org/view.php?id=CVE-2023-38741
IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262905 https://www.ibm.com/support/pages/node/7025476 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23476 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-23476
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. IBM Robotic Process Automation v21.0.0 a 21.0.7.latest es vulnerable al acceso no autorizado a datos debido a una validación de autorización insuficiente en algunas rutas API. ID de IBM X-Force: 245425. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245425 https://www.ibm.com/support/pages/node/7017490 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, debido a un fallo de deserialización inseguro. Mediante el envío de datos especialmente diseñados, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 https://www.ibm.com/support/pages/node/7017032 https://access.redhat.com/security/cve/CVE-2022-40609 https://bugzilla.redhat.com/show_bug.cgi?id=2228078 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4868 – IBM TRIRIGA information disclosure
https://notcve.org/view.php?id=CVE-2020-4868
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. IBM TRIRIGA v3.0, v4.0 y v4.4 podrían permitir a un atacante remoto obtener información sensible cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría utilizarse en ataques posteriores contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190744 https://www.ibm.com/support/pages/node/7015393 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24971 – IBM B2B Advanced Communication denial of service
https://notcve.org/view.php?id=CVE-2023-24971
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246976 https://www.ibm.com/support/pages/node/7014933 • CWE-502: Deserialization of Untrusted Data •