5.3
CVE-2023-38713 - IBM Cloud Pak System information disclosure
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1Β could disclose sensitive information about the system that could aid in further attacks against the system.
5.3
CVE-2023-38714 - IBM Cloud Pak System information disclosure
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1Β could disclose sensitive information about the system that could aid in further attacks against the system.
5.3
CVE-2023-38013 - IBM Cloud Pak System information disclosure
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
5.3
CVE-2023-38012 - IBM Cloud Pak System directory traversal
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
5.3
CVE-2023-38716 - IBM Cloud Pak System information disclosure
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.
5.3
CVE-2024-35114 - IBM Control Center information disclosure
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
4.3
CVE-2024-35113 - IBM Control Center information disclosure
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
5.4
CVE-2024-35112 - IBM Control Center cross-site scripting
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
4.3
CVE-2024-35111 - IBM Control Center information disclosure
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
7.5
CVE-2024-13562 - Import WP β Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive β¦
The Import WP β Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecuβ¦