IBM Cloud Pak for Security

48 matches found

added 2024/02/29 3:15 a.m. | 85 views

CVE-2021-39090

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle te...

CVSS 5.9 | AI score 5.4 | EPSS 0.00014

added 2024/03/03 1:15 p.m. | 71 views

CVE-2024-22355

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.

CVSS 5.9 | AI score 5.6 | EPSS 0.00045

added 2022/11/11 7:15 p.m. | 68 views

CVE-2022-38387

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

CVSS 8.8 | AI score 8.6 | EPSS 0.00179

added 2024/08/14 4:15 p.m. | 68 views

CVE-2024-28799

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. I...

CVSS 7.5 | AI score 5.9 | EPSS 0.00059

added 2024/04/23 1:15 p.m. | 67 views

CVE-2023-47731

IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...

CVSS 5.4 | AI score 5.9 | EPSS 0.00038

added 2024/03/03 1:15 p.m. | 63 views

CVE-2023-47742

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533.

CVSS 5.9 | AI score 5.4 | EPSS 0.00033

added 2024/08/15 3:15 a.m. | 63 views

CVE-2024-25024

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

CVSS 5.5 | AI score 6 | EPSS 0.00016

added 2024/02/17 4:15 p.m. | 57 views

CVE-2024-22335

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.

CVSS 5.5 | AI score 4.7 | EPSS 0.00029

added 2024/05/02 3:15 p.m. | 56 views

CVE-2023-47727

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.

CVSS 4.3 | AI score 6.2 | EPSS 0.00041

added 2024/06/28 7:15 p.m. | 55 views

CVE-2022-38383

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.

CVSS 4 | AI score 3.5 | EPSS 0.00028

added 2022/11/15 9:15 p.m. | 55 views

CVE-2022-38385

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777.

CVSS 8.1 | AI score 7.5 | EPSS 0.00085

added 2024/02/17 4:15 p.m. | 55 views

CVE-2024-22337

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.

CVSS 5.5 | AI score 4.7 | EPSS 0.00022

added 2024/07/10 1:15 a.m. | 55 views

CVE-2024-25023

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.

CVSS 5.5 | AI score 5.1 | EPSS 0.00013

added 2023/11/22 7:15 p.m. | 53 views

CVE-2022-36777

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

CVSS 6.5 | AI score 5.2 | EPSS 0.00061

added 2024/08/13 2:15 a.m. | 53 views

CVE-2022-38382

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.

CVSS 4.7 | AI score 4.3 | EPSS 0.00054

added 2024/02/17 4:15 p.m. | 52 views

CVE-2024-22336

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

CVSS 5.5 | AI score 4.7 | EPSS 0.00029

added 2022/11/11 7:15 p.m. | 51 views

CVE-2022-36776

IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Fo...

CVSS 5.4 | AI score 5.2 | EPSS 0.00135

added 2023/01/20 7:15 p.m. | 50 views

CVE-2021-39011

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.

CVSS 4.9 | AI score 4.2 | EPSS 0.00052

added 2023/01/20 7:15 p.m. | 50 views

CVE-2021-39089

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.

CVSS 6.5 | AI score 5 | EPSS 0.00081

added 2021/12/22 5:15 p.m. | 49 views

CVE-2021-39013

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.

CVSS 6.5 | AI score 6 | EPSS 0.00162

added 2024/05/01 1:15 p.m. | 49 views

CVE-2022-38386

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...

CVSS 5.9 | AI score 5.8 | EPSS 0.00057

added 2024/08/16 8:15 p.m. | 48 views

CVE-2023-47728

IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against...

CVSS 7.5 | AI score 4.8 | EPSS 0.00082

added 2024/02/17 4:15 p.m. | 47 views

CVE-2023-50951

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.

CVSS 4.3 | AI score 4 | EPSS 0.00054

added 2021/08/02 5:15 p.m. | 41 views

CVE-2021-29696

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

CVSS 9 | AI score 7.3 | EPSS 0.00362

added 2021/01/27 1:15 p.m. | 40 views

CVE-2020-4816

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Fo...

CVSS 5.9 | AI score 5.4 | EPSS 0.00259

added 2021/08/02 5:15 p.m. | 39 views

CVE-2021-20540

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.

CVSS 5.3 | AI score 5.2 | EPSS 0.00194

added 2020/11/30 4:15 p.m. | 38 views

CVE-2020-4627

IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 185367.

CVSS 9 | AI score 9.1 | EPSS 0.01036

added 2021/08/02 5:15 p.m. | 38 views

CVE-2021-20539

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920.

CVSS 5.3 | AI score 5.2 | EPSS 0.00169

added 2021/09/30 5:15 p.m. | 38 views

CVE-2021-20578

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.

CVSS 9.8 | AI score 9.1 | EPSS 0.00197

added 2021/10/19 4:15 p.m. | 38 views

CVE-2021-29912

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.

CVSS 5.4 | AI score 5.2 | EPSS 0.00111

added 2021/05/14 5:15 p.m. | 36 views

CVE-2021-20564

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information usin...

CVSS 5.9 | AI score 6.2 | EPSS 0.00072

added 2021/09/30 5:15 p.m. | 36 views

CVE-2021-29894

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

CVSS 7.5 | AI score 7.4 | EPSS 0.00134

added 2021/10/19 4:15 p.m. | 36 views

CVE-2021-38911

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.

CVSS 4.9 | AI score 5.3 | EPSS 0.00111

added 2023/06/27 8:15 p.m. | 36 views

CVE-2023-30993

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136.

CVSS 7.5 | AI score 6.6 | EPSS 0.00062

added 2020/11/30 4:15 p.m. | 35 views

CVE-2020-4626

IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.

CVSS 5 | AI score 4.2 | EPSS 0.00095

added 2021/08/02 5:15 p.m. | 35 views

CVE-2021-20541

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927.

CVSS 5.3 | AI score 5.2 | EPSS 0.00169

added 2021/08/02 5:15 p.m. | 35 views

CVE-2021-29697

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.

CVSS 4.9 | AI score 5 | EPSS 0.00154

added 2020/11/30 4:15 p.m. | 34 views

CVE-2020-4624

IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation, which could allow an attacker to decrypt sensitive information.

CVSS 5.3 | AI score 5.1 | EPSS 0.00076

added 2020/11/30 4:15 p.m. | 34 views

CVE-2020-4696

IBM Cloud Pak for Security 1.3.0.1 (CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.

CVSS 5.3 | AI score 4.2 | EPSS 0.00114

added 2021/05/14 5:15 p.m. | 34 views

CVE-2021-20565

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236.

CVSS 5.3 | AI score 6.1 | EPSS 0.00162

added 2020/11/30 4:15 p.m. | 33 views

CVE-2020-4625

IBM Cloud Pak for Security 1.3.0.1 (CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

CVSS 5.3 | AI score 5 | EPSS 0.00138

added 2021/01/27 1:15 p.m. | 32 views

CVE-2020-4628

IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.

CVSS 5.3 | AI score 4.9 | EPSS 0.00177

added 2021/01/27 1:15 p.m. | 32 views

CVE-2020-4815

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.

CVSS 5.3 | AI score 4.9 | EPSS 0.00134

added 2021/01/27 1:15 p.m. | 32 views

CVE-2020-4820

IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS 6.1 | AI score 5.9 | EPSS 0.00188

added 2021/05/10 5:15 p.m. | 32 views

CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

CVSS 6.1 | AI score 6.1 | EPSS 0.00172

added 2021/01/27 1:15 p.m. | 30 views

CVE-2020-4967

IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.

CVSS 4.3 | AI score 4.2 | EPSS 0.00156

added 2021/05/14 5:15 p.m. | 29 views

CVE-2020-4811

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject malicious data using a specially crafted HTTP request due to improper input validation.

CVSS 4 | AI score 4.2 | EPSS 0.00077

added 2021/05/10 5:15 p.m. | 29 views

CVE-2021-20538

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.

CVSS 9.1 | AI score 8.5 | EPSS 0.00127