Skip to main content
CVE-2023-32635 MEDIUM This Month

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Xbrl Data Create
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29260 MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Sterling Connect
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-30433 MEDIUM This Month

IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Security Verify Access
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3446 MEDIUM PATCH This Month

Issue summary: Checking excessively long DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
5.5%
CVE-2023-29259 MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Connect
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-35900 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-33832 MEDIUM PATCH This Month

IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. Rated medium severity (CVSS 4.7).

Denial Of Service IBM Spectrum Protect Client Spectrum Protect For Space Management Spectrum Protect For Virtual Environments
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-3674 LOW PATCH Monitor

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Information Disclosure Keylime Fedora
NVD GitHub
CVSS 3.1
2.8
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy