13 matches found
CVE-2023-50326
CVE-2023-50326 concerns IBM PowerSC 1.3, 2.0 and 2.1, where an inadequate account lockout setting could allow a remote attacker to brute‑force credentials. The connected sources confirm the affected products/versions and describe the root cause as insufficient lockout controls, enabling credentia...
CVE-2023-50934
CVE-2023-50934 affects IBM PowerSC 1.3, 2.0, and 2.1. The root issue is the use of single-factor authentication, which can lead to an elevated risk of compromise compared with dual-factor schemes. The NVD/IBM references show a MEDIUM-severity exposure (CVSS v3.1 base score 5.3) with network attac...
CVE-2023-50939
CVE-2023-50939 affects IBM PowerSC versions 1.3, 2.0, and 2.1. The issue is “weaker than expected cryptographic algorithms” that could allow an attacker to decrypt highly sensitive information. IBM’s bulletin (AAB15147281C93AFE73AFD8492331D3E46E834FDA424845C54E83DE6E24CF4B6) lists affected filese...
CVE-2023-50962
This CVE (CVE-2023-50962) affects IBM PowerSC 1.3, 2.0, and 2.1 MFA, which do not implement HTTP Strict Transport Security (HSTS). The Red Hat advisory confirms the same product set. Affected components/versions: PowerSC 1.3, 2.0, 2.1 (MFA). Impact described: information disclosure risk due to mi...
CVE-2023-50327
CVE-2023-50327 affects IBM PowerSC 1.3, 2.0, and 2.1. The vulnerability arises from the use of insecure HTTP methods, which could allow a remote attacker to modify unauthorized file requests. Affected components/filesets include powerscStd.uiServer, powerscStd.uiAgent, and powerscMFA.server (rang...
CVE-2023-50938
CVE-2023-50938 – IBM PowerSC clickjacking : Affects PowerSC 1.3, 2.0, and 2.1. A remote attacker could hijack the victim’s clicking actions by compelling them to visit a malicious Web site, potentially enabling further attacks. The issue is explicitly documented in IBM’s PowerSC security bulletin...
CVE-2023-50933
CVE-2023-50933 – IBM PowerSC HTML injection is linked to IBM PowerSC components (versions 1.3, 2.0, 2.1). The vulnerability is described as a remote HTML injection that could cause malicious HTML to execute in the victim’s browser within the hosting site’s security context. Supported connected do...
CVE-2023-50935
CVE-2023-50935 affects IBM PowerSC 1.3, 2.0, and 2.1. The Red Hat/IBM bulletin confirms a forced-browsing-style issue where access to a URL/resource isn’t properly restricted, potentially allowing remote unauthorized access to application functionality and resources. Affected filesets include pow...
CVE-2023-50941
CVE-2023-50941 affects IBM PowerSC versions 1.3, 2.0 and 2.1. The vulnerability arises from the lack of logout functionality, enabling a session fixation scenario where an authenticated user could gain access to an unauthorized user’s session. Public sources (e.g., Red Hat advisory) reiterate the...
CVE-2023-50936
CVE-2023-50936 affects IBM PowerSC 1.3, 2.0 and 2.1 where sessions are not invalidated after logout, enabling an authenticated user to impersonate another user. The Red Hat advisory and IBM security bulletin confirm this session-fixation issue and note remediation by updating to PowerSC 2.2. Impa...
CVE-2023-50940
IBM PowerSC versions 1.3, 2.0, and 2.1 are affected by a Cross-Origin Resource Sharing (CORS) issue where the domain isn’t restricted to trusted domains, enabling potential privileged actions and exposure of sensitive information. Remediation per IBM bulletin is to upgrade to PowerSC 2.2. Affecte...
CVE-2023-50328
CVE-2023-50328 affects IBM PowerSC 1.3, 2.0, and 2.1. A vulnerability allowed remote attackers to view session identifiers passed via URL query strings. The IBM bulletin lists PowerSC 2.2 as the remediation (update to 2.2 on Fix Central) and enumerates affected filesets (powerscStd.uiServer, powe...
CVE-2023-50937
CVE-2023-50937 affects IBM PowerSC versions 1.3, 2.0, and 2.1, where the use of weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is described in IBM’s PowerSC advisories and cross-referenced in X-Force (ID 275117). Affected f...