IBM PowerSC
13 CVEs affecting IBM PowerSC. Latest disclosed: 2024-02-02. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-50326 | High | 7.5 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID… |
| CVE-2023-50938 | Medium | 6.5 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site… |
| CVE-2023-50935 | Medium | 6.5 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to applic… |
| CVE-2023-50941 | Medium | 6.3 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using sessi… |
| CVE-2023-50936 | Medium | 6.3 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM… |
| CVE-2023-50933 | Medium | 6.1 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the… |
| CVE-2023-50962 | Medium | 5.9 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. |
| CVE-2023-50937 | Medium | 5.9 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-F… |
| CVE-2023-50939 | Medium | 5.9 | 2024-02-01 | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-F… |
| CVE-2023-50934 | Medium | 5.3 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-fact… |
| CVE-2023-50940 | Medium | 5.3 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive in… |
| CVE-2023-50327 | Medium | 5.3 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID… |
| CVE-2023-50328 | Low | 3.7 | 2024-02-02 | IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. |