Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2023-50934 Improper Authentication vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
network
low complexity
ibm CWE-287
5.3
2024-02-02 CVE-2023-50935 Forced Browsing vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources.
network
low complexity
ibm CWE-425
6.5
2024-02-02 CVE-2023-50938 User Interface (UI) Misrepresentation of Critical Information vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-451
4.3
2024-02-02 CVE-2023-50941 Session Fixation vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation.
network
low complexity
ibm CWE-384
5.4
2024-02-02 CVE-2023-50327 Interpretation Conflict vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification.
network
low complexity
ibm CWE-436
5.3
2024-02-02 CVE-2023-50933 Cross-site Scripting vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
2024-01-22 CVE-2023-47141 Unspecified vulnerability in IBM DB2
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-27859 Unspecified vulnerability in IBM DB2
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-47158 Unspecified vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
network
low complexity
ibm
6.5
2024-01-22 CVE-2023-47747 Unspecified vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
network
low complexity
ibm
6.5