Every CVE whose affected-product data names Ibm Powersc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-50326 — CVSS 7.5 (high): IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account…
CVE-2023-50935 — CVSS 6.5 (medium): IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain…
CVE-2023-50938 — CVSS 6.5 (medium): IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a…
CVE-2023-50936 — CVSS 6.3 (medium): IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user…
CVE-2023-50941 — CVSS 6.3 (medium): IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an…
CVE-2023-50933 — CVSS 6.1 (medium): IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would…
CVE-2023-50937 — CVSS 5.9 (medium): IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2023-50939 — CVSS 5.9 (medium): IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2023-50962 — CVSS 5.9 (medium): IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force…
CVE-2023-50940 — CVSS 5.3 (medium): IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and…
CVE-2023-50934 — CVSS 5.3 (medium): IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the…
CVE-2023-50327 — CVSS 5.3 (medium): IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request…
CVE-2023-50328 — CVSS 3.7 (low): IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.