IBM Powersc
By the Year
In 2024 there have been 13 vulnerabilities in IBM Powersc with an average score of 6.7 out of ten. Powersc did not have any published security vulnerabilities last year. That is, 13 more vulnerabilities have already been reported in 2024 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 13 | 6.68 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Powersc vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Powersc Security Vulnerabilities
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could
CVE-2023-50941
5.4 - Medium
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.
Session Fixation
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim
CVE-2023-50938
4.3 - Medium
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.
User Interface (UI) Misrepresentation of Critical Information
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may
CVE-2023-50935
6.5 - Medium
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.
forced browsing
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication
CVE-2023-50934
5.3 - Medium
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.
authentification
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings
CVE-2023-50328
5.3 - Medium
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.
Exposure of Resource to Wrong Sphere
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism
CVE-2023-50962
7.5 - High
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
Cleartext Transmission of Sensitive Information
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could
CVE-2023-50940
9.8 - Critical
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.
Incorrect Comparison
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms
CVE-2023-50937
7.5 - High
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.
Use of a Broken or Risky Cryptographic Algorithm
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could
CVE-2023-50936
8.8 - High
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.
Insufficient Session Expiration
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection
CVE-2023-50933
6.1 - Medium
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.
XSS
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could
CVE-2023-50327
5.3 - Medium
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.
Interpretation Conflict
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting
CVE-2023-50326
7.5 - High
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.
Improper Restriction of Excessive Authentication Attempts
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms
CVE-2023-50939
7.5 - High
- February 02, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
Use of a Broken or Risky Cryptographic Algorithm
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Powersc or by IBM? Click the Watch button to subscribe.
