
22 matches found

added 2024/02/29 3:15 a.m., 85 views

CVE-2021-39090

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle te...

CVSS 5.9, AI score 5.4, EPSS 0.00014

added 2024/03/03 1:15 p.m., 71 views

CVE-2024-22355

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.

CVSS 5.9, AI score 5.6, EPSS 0.00045

added 2022/11/11 7:15 p.m., 68 views

CVE-2022-38387

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

CVSS 8.8, AI score 8.6, EPSS 0.00179

added 2024/08/14 4:15 p.m., 68 views

CVE-2024-28799

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. I...

CVSS 7.5, AI score 5.9, EPSS 0.00059

added 2024/03/03 1:15 p.m., 63 views

CVE-2023-47742

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533.

CVSS 5.9, AI score 5.4, EPSS 0.00033

added 2024/08/15 3:15 a.m., 63 views

CVE-2024-25024

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

CVSS 5.5, AI score 6, EPSS 0.00016

added 2024/02/17 4:15 p.m., 57 views

CVE-2024-22335

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.

CVSS 5.5, AI score 4.7, EPSS 0.00029

added 2024/05/02 3:15 p.m., 56 views

CVE-2023-47727

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.

CVSS 4.3, AI score 6.2, EPSS 0.00041

added 2024/06/28 7:15 p.m., 55 views

CVE-2022-38383

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.

CVSS 4, AI score 3.5, EPSS 0.00028

added 2022/11/15 9:15 p.m., 55 views

CVE-2022-38385

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777.

CVSS 8.1, AI score 7.5, EPSS 0.00085

added 2024/02/17 4:15 p.m., 55 views

CVE-2024-22337

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.

CVSS 5.5, AI score 4.7, EPSS 0.00022

added 2024/07/10 1:15 a.m., 55 views

CVE-2024-25023

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.

CVSS 5.5, AI score 5.1, EPSS 0.00013

added 2023/11/22 7:15 p.m., 53 views

CVE-2022-36777

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

CVSS 6.5, AI score 5.2, EPSS 0.00061

added 2024/08/13 2:15 a.m., 53 views

CVE-2022-38382

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.

CVSS 4.7, AI score 4.3, EPSS 0.00054

added 2024/02/17 4:15 p.m., 52 views

CVE-2024-22336

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

CVSS 5.5, AI score 4.7, EPSS 0.00029

added 2022/11/11 7:15 p.m., 51 views

CVE-2022-36776

IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Fo...

CVSS 5.4, AI score 5.2, EPSS 0.00135

added 2023/01/20 7:15 p.m., 50 views

CVE-2021-39011

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.

CVSS 4.9, AI score 4.2, EPSS 0.00052

added 2023/01/20 7:15 p.m., 50 views

CVE-2021-39089

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.

CVSS 6.5, AI score 5, EPSS 0.00081

added 2024/05/01 1:15 p.m., 49 views

CVE-2022-38386

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...

CVSS 5.9, AI score 5.8, EPSS 0.00057

added 2024/08/16 8:15 p.m., 48 views

CVE-2023-47728

IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against...

CVSS 7.5, AI score 4.8, EPSS 0.00082

added 2024/02/17 4:15 p.m., 47 views

CVE-2023-50951

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.

CVSS 4.3, AI score 4, EPSS 0.00054

added 2023/06/27 8:15 p.m., 36 views

CVE-2023-30993

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136.

CVSS 7.5, AI score 6.6, EPSS 0.00062