Lucene search
+L
IbmCloud Pak For Security

53 matches found

CVE
CVE
added 2025/06/03 3:16 p.m.148 views

CVE-2025-25022

CVE-2025-25022 affects IBM QRadar Suite Software 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0, allowing an unauthenticated user to obtain highly sensitive information in configuration files. The issue’s remediation per IBM guidance is to upgrade to QRadar 1.11.3.0 and Clou...

9.6CVSS9.1AI score0.00302EPSS
CVE
CVE
added 2024/02/29 2:35 a.m.101 views

CVE-2021-39090

CVE-2021-39090 affects IBM Cloud Pak for Security (CP4S). CP4S versions 1.10.0.0 through 1.10.6.0 are vulnerable due to a failure to properly enable HTTP Strict Transport Security, enabling a remote attacker to obtain sensitive information via man-in-the-middle techniques. Impact is information d...

5.9CVSS5.4AI score0.00449EPSS
CVE
CVE
added 2024/08/14 3:41 p.m.94 views

CVE-2024-28799

CVE-2024-28799 affects IBM QRadar Suite Software (1.10.12.0–1.10.23.0) and IBM Cloud Pak for Security (1.10.0.0–1.10.11.0). Root cause: sensitive data is displayed improperly to a local privileged user during back-end commands in non-default configurations, leading to potential information disclo...

7.5CVSS5.9AI score0.00301EPSS
CVE
CVE
added 2024/03/03 12:20 p.m.92 views

CVE-2024-22355

The CVE-2024-22355 issue affects IBM QRadar Suite Products 1.10.12.0–1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0, caused by weak default password requirements which can enable account compromise. Impact is limited to authentication weaknesses (confidentiality risk due to potential...

5.9CVSS5.6AI score0.0041EPSS
CVE
CVE
added 2022/11/11 6:16 p.m.83 views

CVE-2022-38387

CVE-2022-38387 affects IBM Cloud Pak for Security (CP4S) versions 1.10.0.0 through 1.10.2.0. Affected component: CP4S service logic exposed to remote requests. Root cause: command injection allowing a remote authenticated attacker to execute arbitrary commands on the system via a specially crafte...

8.8CVSS8.6AI score0.00875EPSS
CVE
CVE
added 2024/08/15 2:42 a.m.83 views

CVE-2024-25024

CVE-2024-25024 affects IBM QRadar Suite Software (versions 1.10.12.0–1.10.23.0) and IBM Cloud Pak for Security (1.10.0.0–1.10.11.0). The root cause is storage of user credentials in plain clear text that can be read by a local user, enabling potential unauthorized access to sensitive data. Impact...

5.5CVSS6AI score0.0012EPSS
CVE
CVE
added 2024/04/23 12:16 p.m.82 views

CVE-2023-47731

IBM QRadar Suite Software (1.10.12.0–1.10.19.0) and IBM Cloud Pak for Security (1.10.0.0–1.10.11.0) are affected by a stored cross-site scripting flaw in the Web UI. The issue allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediatio...

5.4CVSS5.9AI score0.00303EPSS
CVE
CVE
added 2024/05/02 2:43 p.m.76 views

CVE-2023-47727

CVE-2023-47727 affects IBM Cloud Pak for Security (versions 1.10.0.0–1.10.11.0) and IBM QRadar Suite Software (versions 1.10.12.0–1.10.20.0). The vulnerability stems from improper input validation, allowing an authenticated user to modify dashboard parameters. The CVSS base score is 4.3 (impactin...

4.3CVSS6.2AI score0.00348EPSS
CVE
CVE
added 2024/03/03 12:18 p.m.76 views

CVE-2023-47742

CVE-2023-47742 affects IBM QRadar Suite Products 1.10.12.0–1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. Root cause: improper enforcement of certificate validation, enabling potential information disclosure via man-in-the-middle techniques. Impact is described as sensitive informat...

5.9CVSS5.4AI score0.00246EPSS
CVE
CVE
added 2024/04/03 12:0 p.m.76 views

CVE-2024-28782

IBM CVE-2024-28782 affects IBM QRadar Suite Software and IBM Cloud Pak for Security: QRadar Suite 1.10.12.0–1.10.18.0 and Cloud Pak for Security 1.10.0.0–1.10.11.0 store user credentials in plain clear text readable by an authenticated user. Root cause is plaintext credential storage, enabling in...

6.5CVSS6.1AI score0.00365EPSS
CVE
CVE
added 2024/06/18 1:40 p.m.74 views

CVE-2023-47726

CVE-2023-47726 affects IBM QRadar Suite Software 1.10.12.0–1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0–1.10.21.0. The issue is due to improper input validation, allowing an authenticated user to execute arbitrary commands. Exploitation details are not provided in the documents. Remediation...

8.8CVSS7.1AI score0.00368EPSS
CVE
CVE
added 2024/07/09 11:58 p.m.74 views

CVE-2024-25023

IBM Cloud Pak for Security 1.10.0.0–1.10.11.0 and QRadar Suite Software 1.10.12.0–1.10.22.0 store potentially sensitive information in log files that could be read by a local user. Root cause: information disclosure via logs. Impact is limited to local access to logs; no exploits detailed in the ...

5.5CVSS5.1AI score0.00115EPSS
CVE
CVE
added 2022/11/11 6:19 p.m.73 views

CVE-2022-38385

IBM Cloud Pak for Security (CP4S) 1.10.0.0–1.10.2.0 is affected by an input validation issue that could allow an authenticated user to access highly sensitive information or perform unauthorized actions. The Red Hat and IBM bulletins confirm the root cause as improper input validation and list CP...

8.1CVSS7.5AI score0.00514EPSS
CVE
CVE
added 2024/08/16 7:12 p.m.72 views

CVE-2023-47728

CVE-2023-47728 affects IBM QRadar Suite Software (1.10.12.0–1.10.22.0) and IBM Cloud Pak for Security (1.10.0.0–1.10.11.0). The root cause is exposure via detailed technical error messages returned in requests, enabling a remote attacker to obtain sensitive information. Impact is information disc...

7.5CVSS4.8AI score0.00458EPSS
CVE
CVE
added 2024/02/17 3:46 p.m.70 views

CVE-2024-22337

CVE-2024-22337 (IBM QRadar Suite and IBM Cloud Pak for Security) affects IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, where potentially sensitive information stored in log files could be read by a local user. The root ca...

5.5CVSS4.7AI score0.00191EPSS
CVE
CVE
added 2024/05/01 12:48 p.m.69 views

CVE-2022-38386

CVE-2022-38386 affects IBM Cloud Pak for Security (CP4S) 1.10.0.0–1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0–1.10.19.0. The root cause is that SameSite is not set for sensitive cookies, enabling potential information disclosure via MITM. IBM and Red Hat advisories confirm this vulnerab...

5.9CVSS5.8AI score0.00465EPSS
CVE
CVE
added 2023/01/20 6:8 p.m.68 views

CVE-2021-39011

CVE-2021-39011 affects IBM Cloud Pak for Security (CP4S) versions 1.10.0.0 through 1.10.6.0, where potentially sensitive information could be stored in log files readable by a privileged user. The root cause is information disclosure via log data exposure. IBM’s bulletin indicates remediation via...

4.9CVSS4.2AI score0.00585EPSS
CVE
CVE
added 2021/12/22 4:50 p.m.68 views

CVE-2021-39013

CVE-2021-39013 affects IBM Cloud Pak for Security (CP4S) versions 1.7.2.0, 1.7.1.0, and 1.7.0.0. An authenticated user can obtain sensitive information in HTTP responses, which could be used to support further attacks against the system. The vulnerability details and affected versions are support...

6.5CVSS6AI score0.00785EPSS
CVE
CVE
added 2024/06/28 7:3 p.m.68 views

CVE-2022-38383

CVE-2022-38383 affects IBM Cloud Pak for Security (CP4S) and QRadar Suite: CP4S 1.10.0.0–1.10.11.0 and QRadar Suite 1.10.12.0–1.10.21.0 store web pages locally, readable by another user on the same system (information exposure). Root cause is local storage of pages containing sensitive data. IBM’...

4CVSS3.5AI score0.00168EPSS
CVE
CVE
added 2024/02/17 4:0 p.m.68 views

CVE-2023-50951

CVE-2023-50951 affects IBM QRadar Suite and IBM Cloud Pak for Security. In some circumstances, the vulnerable software logs sensitive information about invalid authorization attempts, enabling potential information disclosure from logs. Affected: QRadar Suite versions 1.10.12.0–1.10.17.0 and Clou...

4.3CVSS4AI score0.00402EPSS
CVE
CVE
added 2024/02/17 3:32 p.m.68 views

CVE-2024-22335

Summary of vulnerability (CVE-2024-22335) : IBM QRadar Suite versions 1.10.12.0–1.10.17.0 and IBM Cloud Pak for Security versions 1.10.0.0–1.10.11.0 store potentially sensitive information in log files that could be read by a local user, per multiple sources. The root cause is information exposur...

5.5CVSS4.7AI score0.00191EPSS
CVE
CVE
added 2025/06/03 3:18 p.m.68 views

CVE-2025-1334

CVE-2025-1334 affects IBM QRadar Suite Software 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. The vulnerability allows web pages to be stored locally on a system and read by another user, constituting an information disclosure risk. The IBM bulletin lists this CVE among se...

4CVSS4.1AI score0.00163EPSS
CVE
CVE
added 2024/08/13 1:1 a.m.67 views

CVE-2022-38382

IBM Cloud Pak for Security (CP4S) 1.10.0.0–1.10.11.0 and IBM QRadar Suite Software 1.10.12.0–1.10.23.0 do not invalidate sessions after logout, potentially allowing another authenticated user to obtain sensitive information. This CVE-2022-38382 is corroborated by IBM/X-Force sources and Red Hat's...

4.7CVSS4.3AI score0.00285EPSS
CVE
CVE
added 2024/02/17 3:45 p.m.67 views

CVE-2024-22336

CVE-2024-22336 affects IBM QRadar Suite (1.10.12.0–1.10.17.0) and IBM Cloud Pak for Security (1.10.0.0–1.10.11.0). Root cause: information exposure by storing potentially sensitive data in log files readable by a local user. Impact is Confidentiality (high); no integrity/availability impact state...

5.5CVSS4.7AI score0.00195EPSS
CVE
CVE
added 2022/11/11 6:44 p.m.66 views

CVE-2022-36776

IBM Cloud Pak for Security (CP4S) versions 1.10.0.0 through 1.10.2.0 are affected by a cross-site scripting (XSS) vulnerability that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session. Root cause: reflected or stored XSS in the ...

5.4CVSS5.2AI score0.00373EPSS
CVE
CVE
added 2025/06/03 3:17 p.m.66 views

CVE-2025-25021

CVE-2025-25021 affects IBM QRadar Suite Software 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. The issue is a code injection vulnerability caused by improper generation/filtering of constructed code snippets in the case management script, enabling privileged code execution...

7.2CVSS6.9AI score0.00555EPSS
CVE
CVE
added 2023/11/22 6:28 p.m.65 views

CVE-2022-36777

CVE-2022-36777 affects IBM Cloud Pak for Security (CP4S) 1.10.0.0–1.10.11.0 and IBM QRadar Suite Software 1.10.12.0–1.10.16.0, enabling an authenticated user to obtain sensitive version information that could aid subsequent attacks. The issue is described as an information-disclosure vulnerabilit...

6.5CVSS5.2AI score0.00585EPSS
CVE
CVE
added 2025/06/03 3:14 p.m.65 views

CVE-2025-25019

CVE-2025-25019 affects IBM QRadar Suite Software versions 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. The issue stems from a failure to invalidate sessions after logout, enabling an attacker to impersonate another user. IBM’s advisories indicate a remediation path: upgra...

6.5CVSS5AI score0.00228EPSS
CVE
CVE
added 2023/01/20 6:14 p.m.62 views

CVE-2021-39089

IBM Cloud Pak for Security (CP4S) 1.10.0.0–1.10.6.0 contains an information-disclosure vulnerability that could allow an authenticated user to obtain sensitive data via a specially crafted HTTP request. The issue has been addressed in CP4S 1.10.7.0; upgrade to at least 1.10.7.0 to remediate. CVSS...

6.5CVSS5AI score0.00692EPSS
CVE
CVE
added 2021/08/02 4:35 p.m.61 views

CVE-2021-20539

CVE-2021-20539 affects IBM Cloud Pak for Security (CP4S) versions 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0. It permits an information disclosure vulnerability where an unauthorized user could obtain sensitive data via HTTP GET requests. The risk is limited to disclosure; no exploi...

5.3CVSS5.2AI score0.00944EPSS
CVE
CVE
added 2021/08/02 4:35 p.m.58 views

CVE-2021-29696

CVE-2021-29696 affects IBM Cloud Pak for Security (CP4S) versions 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0. A remote authenticated attacker could execute arbitrary commands on the system by sending a specially crafted request. The vulnerability is documented across multiple source...

9CVSS7.3AI score0.02549EPSS
CVE
CVE
added 2025/06/03 3:19 p.m.58 views

CVE-2025-25020

CVE-2025-25020 affects IBM QRadar Suite Software 1.10.12.0–1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0–1.10.11.0. Root cause: improper validation of API data input, allowing an authenticated user to cause a denial of service. IBM’s advisory and multiple sources confirm the vulnerability exis...

6.5CVSS6.6AI score0.00373EPSS
CVE
CVE
added 2020/11/30 3:30 p.m.55 views

CVE-2020-4626

CVE-2020-4626 affects IBM Cloud Pak for Security (CP4S) 1.3.0.1. An authenticated user can cause information disclosure by sending a specially crafted HTTP request, potentially revealing sensitive internal network information. The IBM security bulletin notes the issue and provides a remediation p...

5CVSS4.2AI score0.00976EPSS
CVE
CVE
added 2020/11/30 3:30 p.m.54 views

CVE-2020-4627

CVE-2020-4627 affects IBM Cloud Pak for Security (CP4S) version 1.3.0.1, where a vulnerability in the handling/validation of CSV file contents could allow a remote attacker to execute arbitrary commands. The root cause is improper validation of CSV data leading to CVS Injection. The IBM security ...

9CVSS9.1AI score0.01591EPSS
CVE
CVE
added 2021/08/02 4:35 p.m.54 views

CVE-2021-20540

CVE-2021-20540 affects IBM Cloud Pak for Security (CP4S) versions 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0. The issue allows an unauthorized user to disclose sensitive information via HTTP GET requests. This disclosure could be used for further attacks on the system. IBM documenta...

5.3CVSS5.2AI score0.00912EPSS
CVE
CVE
added 2023/06/27 7:25 p.m.54 views

CVE-2023-30993

Summary of vulnerability (CVE-2023-30993) : IBM Cloud Pak for Security (CP4S) versions 1.9.0.0 through 1.9.2.0 are affected. A flaw could allow an attacker who has a valid API key for one tenant to access data from another tenant’s account, indicating a cross-tenant data exposure vulnerability. R...

7.5CVSS6.6AI score0.00615EPSS
CVE
CVE
added 2021/01/27 1:5 p.m.52 views

CVE-2020-4628

IBM Cloud Pak for Security (CP4S) versions 1.3.0.1 and 1.4.0.0 are affected by an information disclosure vulnerability where detailed browser error messages leak sensitive information. The root cause is exposure of internal details via error messages, which could enable further attacks. Remediati...

5.3CVSS4.9AI score0.01284EPSS
CVE
CVE
added 2021/01/27 1:5 p.m.52 views

CVE-2020-4816

CVE-2020-4816 affects IBM Cloud Pak for Security (CP4S) 1.4.0.0, where failure to properly enable HTTP Strict Transport Security can allow a remote attacker to disclose sensitive information via man-in-the-middle techniques. The issue is documented by IBM and related CVSS vectors indicate user im...

5.9CVSS5.4AI score0.01151EPSS
CVE
CVE
added 2021/08/02 4:35 p.m.52 views

CVE-2021-29697

CVE-2021-29697 affects IBM Cloud Pak for Security (CP4S) releases 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0. The issue enables a remote authenticated attacker to disclose sensitive information via HTTP requests, potentially enabling further attacks. Affected component/underlying ca...

4.9CVSS5AI score0.01387EPSS
CVE
CVE
added 2021/09/30 4:20 p.m.52 views

CVE-2021-29894

CVE-2021-29894 affects IBM Cloud Pak for Security (CP4S) versions 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. A remediation is available: upgrade to CP4S 1.8.0.0 following IBM’s upgrad...

7.5CVSS7.4AI score0.00665EPSS
CVE
CVE
added 2021/08/02 4:35 p.m.51 views

CVE-2021-20541

CVE-2021-20541 affects IBM Cloud Pak for Security (CP4S) versions 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0.** An information-disclosure vulnerability allows an unauthenticated/unauthorized user to obtain sensitive data via HTTP GET requests, which could be leveraged for further at...

5.3CVSS5.2AI score0.00868EPSS
CVE
CVE
added 2021/05/14 4:15 p.m.51 views

CVE-2021-20565

Summary of CVE-2021-20565 (IBM Cloud Pak for Security CP4S) CP4S versions affected: 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1. The issue is a logic vulnerability in the protection mechanism that relies on the existence or value of input data. An untrusted actor can modify the input in a way...

5.3CVSS6.1AI score0.00839EPSS
CVE
CVE
added 2020/11/30 3:30 p.m.50 views

CVE-2020-4624

CVE-2020-4624 affects IBM Cloud Pak for Security (CP4S) 1.3.0.1, where negotiation uses weaker cryptographic algorithms (e.g., TLS 1.0/1.1 not disabled by default), potentially allowing an attacker to decrypt sensitive information. Remediation: upgrade to CP4S v1.4.0.0 as documented by IBM.

5.3CVSS5.1AI score0.00726EPSS
CVE
CVE
added 2020/11/30 3:30 p.m.50 views

CVE-2020-4696

CVE-2020-4696 affects IBM Cloud Pak for Security (CP4S) version 1.3.0.1. The root cause is that the session is not invalidated after logout, which could allow an authenticated user to obtain sensitive information from the previous session. Affected software: CP4S 1.3.0.1. Impact described in sour...

5.3CVSS4.2AI score0.00741EPSS
CVE
CVE
added 2021/09/30 4:20 p.m.50 views

CVE-2021-20578

CVE-2021-20578 affects IBM Cloud Pak for Security (CP4S) versions 1.7.0.0, 1.7.1.0, 1.7.2.0 and 1.8.0.0, where improper or missing authentication controls could permit an attacker to perform unauthorized actions. The connected IBM bulletin confirms CP4S vulnerability details and provides remediat...

9.8CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/05/14 4:15 p.m.49 views

CVE-2021-20564

CVE-2021-20564 affects IBM Cloud Pak for Security (CP4S) versions 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0 and 1.6.0.1, where a failure to properly enable HTTP Strict Transport Security can allow a remote attacker to obtain sensitive information via MITM. The vulnerability is an information disclosure ...

5.9CVSS6.2AI score0.00851EPSS
CVE
CVE
added 2021/05/10 4:20 p.m.49 views

CVE-2021-20577

IBM Cloud Pak for Security (CP4S) versions 1.5.0.0 and 1.5.0.1 are vulnerable to cross-site scripting in the Web UI, allowing embedding of arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted session. This CVE entry is supported by multipl...

6.1CVSS6.1AI score0.00606EPSS
CVE
CVE
added 2020/11/30 3:30 p.m.45 views

CVE-2020-4625

CVE-2020-4625 affects IBM Cloud Pak for Security (CP4S) 1.3.0.1, where the HTTPOnly flag is not set on cookies, enabling potential information disclosure to a remote attacker. The issue is rooted in missing cookie flag handling, as described in IBM’s security bulletin and CVE records, with CVSS s...

5.3CVSS5AI score0.01476EPSS
CVE
CVE
added 2021/01/27 1:5 p.m.44 views

CVE-2020-4820

IBM Cloud Pak for Security (CP4S) 1.4.0.0 is affected by CVE-2020-4820: a cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected product/version: Cloud Pak for Security (CP4S) 1.4.0.0. ...

6.1CVSS5.9AI score0.00721EPSS
CVE
CVE
added 2021/05/10 4:20 p.m.44 views

CVE-2021-20538

Affected product: IBM Cloud Pak for Security (CP4S) infers CP4S 1.5.0.0 and 1.5.0.1. Vulnerability: incorrect authorization could allow a user to obtain sensitive information or perform actions they should not have access to. Root cause (as stated): improper authorization mechanisms. Impact: pote...

9.1CVSS8.5AI score0.00737EPSS
Total number of security vulnerabilities53