Vulnerabilities > IBM > Powersc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-50328 | Exposure of Resource to Wrong Sphere vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. | 5.3 |
| 2024-02-02 | CVE-2023-50934 | Improper Authentication vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. | 5.3 |
| 2024-02-02 | CVE-2023-50935 | Forced Browsing vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. | 6.5 |
| 2024-02-02 | CVE-2023-50938 | User Interface (UI) Misrepresentation of Critical Information vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2024-02-02 | CVE-2023-50941 | Session Fixation vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. | 5.4 |
| 2024-02-02 | CVE-2023-50962 | Cleartext Transmission of Sensitive Information vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. | 7.5 |
| 2024-02-02 | CVE-2023-50326 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2024-02-02 | CVE-2023-50327 | Interpretation Conflict vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. | 5.3 |
| 2024-02-02 | CVE-2023-50933 | Cross-site Scripting vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. | 6.1 |
| 2024-02-02 | CVE-2023-50936 | Insufficient Session Expiration vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |