487 matches found
Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...
IBM Cloud Pak System Access Control Error Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An access control error vulnerability exists in IB...
IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2026-13784)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...
Security Bulletin: Multiple Vulnerabilities in Lenovo XCC affect IBM Cloud Pak System
Summary Multiple Vulnerabilities in Lenovo XCC affect IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1. Vulnerability Details CVEID:CVE-2023-20599 DESCRIPTION: Improper register access control in ASP may allow a privileged attacker to perform unauthorized acce...
Security Bulletin: Vulnerability in libxml2 affects IBM Cloud Pak System[CVE-2025-6021]
Summary A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. Vulnerability was addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2025-6021 DESCRIPTION: A flaw was found...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005
CVE-2023-38005 is an IBM Cloud Pak System vulnerability characterized by improper access control that could allow an authenticated user to perform unauthorized tasks. Affected versions include Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. The bulletin scores base CVSS 4.3 (vec...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38265 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38265
CVE-2023-38265 is described in IBM’s Security Bulletin for IBM Cloud Pak System, noting that the product could disclose folder location information to an unauthenticated attacker via directory listing. Affected versions include Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. The...
IBM Cloud Pak System 访问控制错误漏洞
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An access control error vulnerability exists in IB...
IBM Cloud Pak System 安全漏洞
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...
PT-2026-20210
Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System versions 2.3.3.6 through 2.3.5.0 Description The software may reveal folder location details to attackers without requiring authentication, potentially assisting in subsequent attacks. Recommendations Update to a version...