Cloud Pak For Applications@* Security Vulnerabilities and Issues — Cloud Pak For Applications@* CVE List

Lucene search

IbmCloud Pak For Applications*

6 matches found

CVE•added 2021/07/13 4:15 p.m.•40 views

CVE-2021-20424

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309.

4.3CVSS4.1AI score0.00095EPSS

CVE•added 2021/07/13 4:15 p.m.•38 views

CVE-2021-20368

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357.

5.4CVSS5.1AI score0.00247EPSS

CVE•added 2021/07/13 4:15 p.m.•34 views

CVE-2021-20366

5.4CVSS5.1AI score0.00247EPSS

CVE•added 2021/07/13 4:15 p.m.•32 views

CVE-2021-20369

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.

5.9CVSS5.5AI score0.00129EPSS

CVE•added 2021/07/13 4:15 p.m.•30 views

CVE-2021-20423

IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308.

8.8CVSS8.3AI score0.00179EPSS

CVE•added 2021/07/13 4:15 p.m.•28 views

CVE-2021-20422

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.

7.5CVSS6.9AI score0.00214EPSS