492 matches found
Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System
Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...
Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...
IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2026-13784)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...
IBM Cloud Pak System Access Control Error Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An access control error vulnerability exists in IB...
Security Bulletin: Multiple Vulnerabilities in Lenovo XCC affect IBM Cloud Pak System
Summary Multiple Vulnerabilities in Lenovo XCC affect IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1. Vulnerability Details CVEID:CVE-2023-20599 DESCRIPTION: Improper register access control in ASP may allow a privileged attacker to perform unauthorized acce...
Security Bulletin: Vulnerability in libxml2 affects IBM Cloud Pak System[CVE-2025-6021]
Summary A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. Vulnerability was addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2025-6021 DESCRIPTION: A flaw was found...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005
CVE-2023-38005 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. An authenticated user could perform unauthorized tasks due to improper access controls (CWE-284). IBM’s bulletin combines this with CVE-2023-38265; the base score for CVE-2023-38005 is 4.3 (Mediu...
CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
CVE-2023-38265
CVE-2023-38265 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. The issue is improper access control that allows information disclosure through directory listing, exposing folder location details to unauthenticated attackers and potentially aiding further att...
CVE-2023-38265 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
IBM Cloud Pak System 访问控制错误漏洞
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An access control error vulnerability exists in IB...
IBM Cloud Pak System 安全漏洞
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...