153 matches found
CVE-2023-50326
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107...
CVE-2023-50933
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113...
CVE-2023-50934
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114...
CVE-2023-50327
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...
Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA
Summary There are multiple vulnerabilities in PowerSC and PowerSC MFA. Vulnerability Details CVEID:CVE-2023-50939 DESCRIPTION: IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...
Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl
Summary Vulnerabilities in Curl could allow a local attacker to obtain sensitive information CVE-2024-7264 or a remote attacker to cause a denial of service CVE-2024-6197, CVE-2024-37371 or bypass security restrictions CVE-2024-37370. PowerSC uses Curl as part of PowerSC Trusted Network Connect...
The vulnerability of software for managing and securing environments on IBM Power Systems, IBM PowerSC, arises from the use of an untrusted interdomain policy file. This allows attackers to perform privileged actions and extract confidential information.
The vulnerability of the IBM PowerSC microprocessor architecture is related to the use of an untrusted intermediate policy file. Exploiting this vulnerability allows attackers to perform privileged actions and extract confidential information...
Security Bulletin: PowerSC is vulnerable to security restrictions bypass and denial of service due to Curl
Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions CVE-2024-2466, CVE-2024-2004, CVE-2024-2379 or cause a denial of service CVE-2024-2398. PowerSC uses Curl as part of PowerSC Trusted Network Connect TNC. Vulnerability Details CVEID:CVE-2024-2466...
Security Bulletin: PowerSC is vulnerable to security restrictions bypass due to Curl (CVE-2023-46218, CVE-2023-46219, CVE-2024-0853)
Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions CVE-2023-46218, CVE-2023-46219, CVE-2024-0853. PowerSC uses Curl as part of PowerSC Trusted Network Connect TNC. Vulnerability Details CVEID:CVE-2023-46218 DESCRIPTION: cURL libcurl could allow a remote...
IBM PowerSC Information Disclosure Vulnerability (CNVD-2024-09941)
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. An information disclosure vulnerability exists in IBM PowerSC that stems from MFA not implementing the HSTS security policy mechanism, which can be exploited by an attacker to cau...
IBM PowerSC Clickjacking Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a clickjacking vulnerability that can be exploited by an attacker to hijack a victim's click-to-operate and launch further attacks against the victim...
IBM PowerSC Session Fixation Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a session fixation vulnerability that stems from the failure to provide logout functionality, which could be exploited by an attacker to gain access to...
IBM PowerSC Forced Browsing Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has a forced browsing vulnerability vulnerability that stems from not properly restricting access to URLs or resources, which can be exploited by an attacker to gain...
IBM PowerSC Information Disclosure Vulnerability (CNVD-2024-09949)
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. An information disclosure vulnerability exists in IBM PowerSC, which can be exploited by an attacker to view session identifiers passed via URL query strings...
IBM PowerSC Information Disclosure Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an information disclosure vulnerability vulnerability that stems from not using proper account lockout settings, which can be exploited by an attacker to...
IBM PowerSC Cross-Site Scripting Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious HTML code...
IBM PowerSC Explains Conflict Vulnerabilities
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an interpretation conflict vulnerability that stems from not using a secure HTTP method, which could be exploited by an attacker to perform unauthorized...
IBM PowerSC Encryption Problem Vulnerability (CNVD-2024-09945)
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly...
IBM PowerSC Authentication Error Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has an Authentication Error Vulnerability vulnerability that stems from the use of single-factor authentication, which can be exploited by an attacker to cause a risk ...
IBM PowerSC Session Fixation Vulnerability (CNVD-2024-09948)
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. A session fixation vulnerability exists in IBM PowerSC, which stems from a failure to disable a session after logging out, and can be exploited by an attacker to impersonate anoth...