CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26024 – IBM Planning Analytics on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26024
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. IBM Planning Analytics on Cloud Pak for Data 4.0 podría permitir que un atacante en una red compartida obtenga información confidencial causada por una comunicación de red insegura. ID de IBM X-Force: 247898. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247898 https://https://www.ibm.com/support/pages/node/7082784 https://www.ibm.com/support/pages/node/7082784 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26026 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26026
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 https://www.ibm.com/support/pages/node/6999351 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26023 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26023
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 https://www.ibm.com/support/pages/node/6999351 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27877 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-27877
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247905 https://www.ibm.com/support/pages/node/6999351 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28958 – IBM Watson Knowledge Catalog CSV injection
https://notcve.org/view.php?id=CVE-2023-28958
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251782 https://www.ibm.com/support/pages/node/7009747 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •