CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27265 – IBM Integration Bus for z/OS cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-27265
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. IBM Integration Bus para z/OS 10.1 a 10.1.0.3 es vulnerable a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 284564. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284564 https://www.ibm.com/support/pages/node/7140678 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26283 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-26283
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 https://www.ibm.com/support/pages/node/6964836 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-26281 – IBM HTTP Server denial of service
https://notcve.org/view.php?id=CVE-2023-26281
IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248296 https://www.ibm.com/support/pages/node/6958522 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-23477 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2023-23477
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 https://www.ibm.com/support/pages/node/6891111 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43917 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-43917
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. El contenedor tradicional IBM WebSphere Application Server 8.5 y 9.0 utiliza claves criptográficas más débiles de lo esperado que podrían permitir a un atacante descifrar información confidencial. Esto afecta sólo a la versión en contenedores de WebSphere Application Server tradicional. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 https://www.ibm.com/support/pages/node/6857007 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •