Vulnerabilities > IBM > Powersc

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2023-50328 Exposure of Resource to Wrong Sphere vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings.
network
low complexity
ibm CWE-668
5.3
2024-02-02 CVE-2023-50934 Improper Authentication vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
network
low complexity
ibm CWE-287
5.3
2024-02-02 CVE-2023-50935 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources.
network
low complexity
ibm
6.5
2024-02-02 CVE-2023-50938 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm
4.3
2024-02-02 CVE-2023-50941 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation.
network
low complexity
ibm
5.4
2024-02-02 CVE-2023-50962 Cleartext Transmission of Sensitive Information vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism.
network
low complexity
ibm CWE-319
7.5
2024-02-02 CVE-2023-50326 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm
7.5
2024-02-02 CVE-2023-50327 Interpretation Conflict vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification.
network
low complexity
ibm CWE-436
5.3
2024-02-02 CVE-2023-50933 Cross-site Scripting vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
2024-02-02 CVE-2023-50936 Unspecified vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm
8.8