6 matches found
CVE-2023-38273
CVE-2023-38273 affects IBM Cloud Pak System components: Cloud Pak System version 2.3.1.1, 2.3.2.0 (Power), and 2.3.3.7 (Power) as well as related Intel lines 2.3.3.0–2.3.3.6. Root cause is an inadequate account lockout setting that could allow a remote attacker to brute-force credentials. Impact ...
CVE-2020-4917
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391...
Information disclosure
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392...
CVE-2020-4918
IBM Cloud Pak System 2.3 contains an information-disclosure flaw stemming from an insecure direct object reference in the Sales and Service Console of the Platform System Manager. A local privileged user could disclose sensitive data. Affected versions: Cloud Pak System 2.3 (per CVE-2020-4918). C...
CVE-2020-4917
CVE-2020-4917 affects IBM Cloud Pak System 2.3 and describes a cross-site request forgery vulnerability that could let an attacker perform malicious actions on behalf of a trusted user. The issue is documented with the affected product/version and the stated impact (unauthorized actions transmitt...
CVE-2020-4913
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288...