IBM Cloud Pak for Security

20 matches found

added 2021/12/22 5:15 p.m. | 49 views

CVE-2021-39013

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.

CVSS 6.5 | AI score 6 | EPSS 0.00162

added 2021/08/02 5:15 p.m. | 41 views

CVE-2021-29696

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

CVSS 9 | AI score 7.3 | EPSS 0.00362

added 2021/01/27 1:15 p.m. | 40 views

CVE-2020-4816

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Fo...

CVSS 5.9 | AI score 5.4 | EPSS 0.00259

added 2021/08/02 5:15 p.m. | 39 views

CVE-2021-20540

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.

CVSS 5.3 | AI score 5.2 | EPSS 0.00194

added 2021/08/02 5:15 p.m. | 38 views

CVE-2021-20539

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920.

CVSS 5.3 | AI score 5.2 | EPSS 0.00169

added 2021/09/30 5:15 p.m. | 38 views

CVE-2021-20578

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.

CVSS 9.8 | AI score 9.1 | EPSS 0.00197

added 2021/10/19 4:15 p.m. | 38 views

CVE-2021-29912

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.

CVSS 5.4 | AI score 5.2 | EPSS 0.00111

added 2021/05/14 5:15 p.m. | 36 views

CVE-2021-20564

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information usin...

CVSS 5.9 | AI score 6.2 | EPSS 0.00072

added 2021/09/30 5:15 p.m. | 36 views

CVE-2021-29894

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

CVSS 7.5 | AI score 7.4 | EPSS 0.00134

added 2021/10/19 4:15 p.m. | 36 views

CVE-2021-38911

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.

CVSS 4.9 | AI score 5.3 | EPSS 0.00111

added 2021/08/02 5:15 p.m. | 35 views

CVE-2021-20541

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927.

CVSS 5.3 | AI score 5.2 | EPSS 0.00169

added 2021/08/02 5:15 p.m. | 35 views

CVE-2021-29697

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.

CVSS 4.9 | AI score 5 | EPSS 0.00154

added 2021/05/14 5:15 p.m. | 34 views

CVE-2021-20565

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236.

CVSS 5.3 | AI score 6.1 | EPSS 0.00162

added 2021/01/27 1:15 p.m. | 32 views

CVE-2020-4628

IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.

CVSS 5.3 | AI score 4.9 | EPSS 0.00177

added 2021/01/27 1:15 p.m. | 32 views

CVE-2020-4815

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.

CVSS 5.3 | AI score 4.9 | EPSS 0.00134

added 2021/01/27 1:15 p.m. | 32 views

CVE-2020-4820

IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS 6.1 | AI score 5.9 | EPSS 0.00188

added 2021/05/10 5:15 p.m. | 32 views

CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

CVSS 6.1 | AI score 6.1 | EPSS 0.00172

added 2021/01/27 1:15 p.m. | 30 views

CVE-2020-4967

IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.

CVSS 4.3 | AI score 4.2 | EPSS 0.00156

added 2021/05/14 5:15 p.m. | 29 views

CVE-2020-4811

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject malicious data using a specially crafted HTTP request due to improper input validation.

CVSS 4 | AI score 4.2 | EPSS 0.00077

added 2021/05/10 5:15 p.m. | 29 views

CVE-2021-20538

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.

CVSS 9.1 | AI score 8.5 | EPSS 0.00127