Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Powersc
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-02 | CVE-2023-50962 | IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | Powersc | 7.5 | ||
| 2024-02-02 | CVE-2023-50939 | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | Powersc | 7.5 | ||
| 2024-02-02 | CVE-2023-50326 | IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107. | Powersc | 7.5 | ||
| 2024-02-02 | CVE-2023-50327 | IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. | Powersc | 5.3 | ||
| 2024-02-02 | CVE-2023-50933 | IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | Powersc | 6.1 | ||
| 2024-02-02 | CVE-2023-50936 | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | Powersc | 8.8 | ||
| 2024-02-02 | CVE-2023-50937 | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | Powersc | 7.5 | ||
| 2024-02-02 | CVE-2023-50940 | IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130. | Powersc | 9.8 | ||
| 2024-02-02 | CVE-2023-50328 | IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | Powersc | 5.3 | ||
| 2024-02-02 | CVE-2023-50934 | IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. | Powersc | 5.3 |