Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-50941 | Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. | 5.4 |
| 2024-02-02 | CVE-2023-50962 | Cleartext Transmission of Sensitive Information vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. | 7.5 |
| 2024-02-02 | CVE-2023-50326 | Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2024-02-02 | CVE-2023-50327 | Interpretation Conflict vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. | 5.3 |
| 2024-02-02 | CVE-2023-50933 | Cross-site Scripting vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. | 6.1 |
| 2024-02-02 | CVE-2023-50936 | Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |
| 2024-02-02 | CVE-2023-50937 | Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-02-02 | CVE-2023-50940 | Incorrect Comparison vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 9.8 |
| 2024-02-02 | CVE-2023-50939 | Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-01-26 | CVE-2024-23619 | Use of Hard-coded Credentials vulnerability in IBM Merge Efilm Workstation 4.2 A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. | 9.8 |