Lucene search
K
IbmPowersc

13 matches found

CVE
CVE
added 2024/02/02 12:1 a.m.66 views

CVE-2023-50326

CVE-2023-50326 concerns IBM PowerSC 1.3, 2.0 and 2.1, where an inadequate account lockout setting could allow a remote attacker to brute‑force credentials. The connected sources confirm the affected products/versions and describe the root cause as insufficient lockout controls, enabling credentia...

7.5CVSS7.3AI score0.00663EPSS
CVE
CVE
added 2024/02/02 1:8 a.m.62 views

CVE-2023-50934

CVE-2023-50934 affects IBM PowerSC 1.3, 2.0, and 2.1. The root issue is the use of single-factor authentication, which can lead to an elevated risk of compromise compared with dual-factor schemes. The NVD/IBM references show a MEDIUM-severity exposure (CVSS v3.1 base score 5.3) with network attac...

5.3CVSS5.2AI score0.0044EPSS
CVE
CVE
added 2024/02/01 11:53 p.m.55 views

CVE-2023-50939

CVE-2023-50939 affects IBM PowerSC versions 1.3, 2.0, and 2.1. The issue is “weaker than expected cryptographic algorithms” that could allow an attacker to decrypt highly sensitive information. IBM’s bulletin (AAB15147281C93AFE73AFD8492331D3E46E834FDA424845C54E83DE6E24CF4B6) lists affected filese...

7.5CVSS7.2AI score0.00337EPSS
CVE
CVE
added 2024/02/02 1:18 a.m.55 views

CVE-2023-50962

This CVE (CVE-2023-50962) affects IBM PowerSC 1.3, 2.0, and 2.1 MFA, which do not implement HTTP Strict Transport Security (HSTS). The Red Hat advisory confirms the same product set. Affected components/versions: PowerSC 1.3, 2.0, 2.1 (MFA). Impact described: information disclosure risk due to mi...

7.5CVSS7.3AI score0.00318EPSS
CVE
CVE
added 2024/02/02 1:0 a.m.48 views

CVE-2023-50327

CVE-2023-50327 affects IBM PowerSC 1.3, 2.0, and 2.1. The vulnerability arises from the use of insecure HTTP methods, which could allow a remote attacker to modify unauthorized file requests. Affected components/filesets include powerscStd.uiServer, powerscStd.uiAgent, and powerscMFA.server (rang...

5.3CVSS5.1AI score0.00492EPSS
CVE
CVE
added 2024/02/02 1:14 a.m.48 views

CVE-2023-50938

CVE-2023-50938 – IBM PowerSC clickjacking : Affects PowerSC 1.3, 2.0, and 2.1. A remote attacker could hijack the victim’s clicking actions by compelling them to visit a malicious Web site, potentially enabling further attacks. The issue is explicitly documented in IBM’s PowerSC security bulletin...

6.5CVSS4.5AI score0.00401EPSS
CVE
CVE
added 2024/02/02 12:5 a.m.47 views

CVE-2023-50933

CVE-2023-50933 – IBM PowerSC HTML injection is linked to IBM PowerSC components (versions 1.3, 2.0, 2.1). The vulnerability is described as a remote HTML injection that could cause malicious HTML to execute in the victim’s browser within the hosting site’s security context. Supported connected do...

6.1CVSS6.3AI score0.00409EPSS
CVE
CVE
added 2024/02/02 1:12 a.m.45 views

CVE-2023-50935

CVE-2023-50935 affects IBM PowerSC 1.3, 2.0, and 2.1. The Red Hat/IBM bulletin confirms a forced-browsing-style issue where access to a URL/resource isn’t properly restricted, potentially allowing remote unauthorized access to application functionality and resources. Affected filesets include pow...

6.5CVSS6.2AI score0.00407EPSS
CVE
CVE
added 2024/02/02 1:11 a.m.45 views

CVE-2023-50941

CVE-2023-50941 affects IBM PowerSC versions 1.3, 2.0 and 2.1. The vulnerability arises from the lack of logout functionality, enabling a session fixation scenario where an authenticated user could gain access to an unauthorized user’s session. Public sources (e.g., Red Hat advisory) reiterate the...

6.3CVSS5.4AI score0.00285EPSS
CVE
CVE
added 2024/02/02 1:3 a.m.44 views

CVE-2023-50936

CVE-2023-50936 affects IBM PowerSC 1.3, 2.0 and 2.1 where sessions are not invalidated after logout, enabling an authenticated user to impersonate another user. The Red Hat advisory and IBM security bulletin confirm this session-fixation issue and note remediation by updating to PowerSC 2.2. Impa...

8.8CVSS8.2AI score0.00381EPSS
CVE
CVE
added 2024/02/02 1:5 a.m.44 views

CVE-2023-50940

IBM PowerSC versions 1.3, 2.0, and 2.1 are affected by a Cross-Origin Resource Sharing (CORS) issue where the domain isn’t restricted to trusted domains, enabling potential privileged actions and exposure of sensitive information. Remediation per IBM bulletin is to upgrade to PowerSC 2.2. Affecte...

9.8CVSS8.6AI score0.00456EPSS
CVE
CVE
added 2024/02/02 1:16 a.m.41 views

CVE-2023-50328

CVE-2023-50328 affects IBM PowerSC 1.3, 2.0, and 2.1. A vulnerability allowed remote attackers to view session identifiers passed via URL query strings. The IBM bulletin lists PowerSC 2.2 as the remediation (update to 2.2 on Fix Central) and enumerates affected filesets (powerscStd.uiServer, powe...

5.3CVSS5.1AI score0.00532EPSS
CVE
CVE
added 2024/02/02 12:10 a.m.36 views

CVE-2023-50937

CVE-2023-50937 affects IBM PowerSC versions 1.3, 2.0, and 2.1, where the use of weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is described in IBM’s PowerSC advisories and cross-referenced in X-Force (ID 275117). Affected f...

7.5CVSS7.2AI score0.00318EPSS