Cloud Pak For Automation@20.0.2 Security Vulnerabilities and Issues — Cloud Pak For Automation@20.0.2 CVE List

Lucene search

IbmCloud Pak For Automation20.0.2

5 matches found

CVE•added 2024/02/29 2:15 a.m.•121 views

CVE-2023-38367

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacke...

6.5CVSS6.3AI score0.0006EPSS

CVE•added 2024/03/21 2:47 a.m.•65 views

CVE-2023-35899

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file con...

9.8CVSS7.2AI score0.00065EPSS

CVE•added 2021/03/30 4:15 p.m.•46 views

CVE-2021-20482

IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.

7.1CVSS7.1AI score0.0038EPSS

CVE•added 2021/02/08 3:15 p.m.•37 views

CVE-2021-20359

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.

6.5CVSS6.7AI score0.00236EPSS

CVE•added 2021/02/08 3:15 p.m.•32 views

CVE-2021-20358

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.

6.5CVSS6.1AI score0.00066EPSS