Powersc Security Vulnerabilities and Issues — Powersc CVE List

Lucene search

IbmPowersc

13 matches found

CVE•added 2024/02/02 2:15 a.m.•46 views

CVE-2023-50962

IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.

7.5CVSS7.3AI score0.00031EPSS

CVE•added 2024/02/02 1:15 a.m.•41 views

CVE-2023-50326

IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.

7.5CVSS7.3AI score0.0004EPSS

CVE•added 2024/02/02 2:15 a.m.•41 views

CVE-2023-50934

IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.

5.3CVSS5.2AI score0.00028EPSS

CVE•added 2024/02/02 12:15 a.m.•39 views

CVE-2023-50939

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.

7.5CVSS7.2AI score0.00031EPSS

CVE•added 2024/02/02 2:15 a.m.•36 views

CVE-2023-50941

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.

6.3CVSS5.4AI score0.0003EPSS

CVE•added 2024/02/02 1:15 a.m.•34 views

CVE-2023-50933

IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.

6.1CVSS6.3AI score0.00046EPSS

CVE•added 2024/02/02 2:15 a.m.•34 views

CVE-2023-50938

IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the vict...

6.5CVSS4.5AI score0.0003EPSS

CVE•added 2024/02/02 2:15 a.m.•33 views

CVE-2023-50935

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.

6.5CVSS6.2AI score0.00043EPSS

CVE•added 2024/02/02 1:15 a.m.•33 views

CVE-2023-50936

IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.

8.8CVSS8.2AI score0.00021EPSS

CVE•added 2024/02/02 1:15 a.m.•31 views

CVE-2023-50327

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.

5.3CVSS5.1AI score0.00032EPSS

CVE•added 2024/02/02 1:15 a.m.•28 views

CVE-2023-50940

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.

9.8CVSS8.6AI score0.0004EPSS

CVE•added 2024/02/02 2:15 a.m.•27 views

CVE-2023-50328

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.

5.3CVSS5.1AI score0.00026EPSS

CVE•added 2024/02/02 1:15 a.m.•23 views

CVE-2023-50937

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.

7.5CVSS7.2AI score0.00031EPSS