CVE-2023-29259: IBM Sterling Connect:Express for UNIX information disclosure CVE-2023-29259 Vulnerability Report

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.

CVE-2021-38933: IBM Sterling Connect:Direct for UNIX information disclosure CVE-2021-38933 Vulnerability Report

IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.

CVE-2023-28513: Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2023-28513)

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, are vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

CVE-2023-26026: IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure CVE-2023-26023 Vulnerability Report

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

CVE-2023-29260: Express for UNIX is vulnerable to server-side request forgery (SSRF)

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.

CVE-2023-3753

A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3752

A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-33832: IBM Spectrum Protect denial of service CVE-2023-33832 Vulnerability Report

IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.

CVE-2023-35898: Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-35898)

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.

CVE-2023-3765: Fix potential issues with PyFuncBackend in cli (#9053) · mlflow/mlflow@6dde937

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.