Lucene search
K
IbmCloud Pak System

36 matches found

CVE
CVE
added 2022/05/09 4:35 p.m.118 views

CVE-2021-20479

IBM Cloud Pak System 2.3.0–2.3.3.3 Interim Fix 1 uses weaker cryptographic algorithms, potentially allowing decryption of highly sensitive information. Impact is confidentiality (HIGH); attack vector is NETWORK with no authentication required. Upgrade to IBM Cloud Pak System 2.3.3.4 (fix availabl...

7.5CVSS7.2AI score0.00621EPSS
CVE
CVE
added 2025/01/25 1:56 p.m.74 views

CVE-2023-38713

CVE-2023-38713 affects IBM Cloud Pak System versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1, where a vulnerability could disclose sensitive information about the system. The issue is acknowledged across multiple sources...

7.5CVSS5AI score0.00314EPSS
CVE
CVE
added 2025/01/25 1:49 p.m.66 views

CVE-2023-38012

CVE-2023-38012 affects IBM Cloud Pak System versions 2.3.3.6–2.3.4.0. A path traversal flaw allows a remote attacker to view arbitrary system files by crafting URL requests containing "dot dot" sequences (/../). IBM and CVE records cite the impact as directory traversal with CVSS v3.1 base score ...

5.3CVSS5.3AI score0.00478EPSS
CVE
CVE
added 2023/05/05 6:17 p.m.61 views

CVE-2020-4914

The CVE-2020-4914 issue affects IBM Cloud Pak System Software Suite 2.3.3.0–2.3.3.5, where sessions are not invalidated on logout, potentially allowing a local user to impersonate another user. This vulnerability concerns the logout/session handling component in IBM Cloud Pak System UI and REST A...

5.5CVSS4.6AI score0.00148EPSS
CVE
CVE
added 2025/01/25 1:57 p.m.60 views

CVE-2023-38271

CVE-2023-38271 affects IBM Cloud Pak System versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 and 2.3.3.7 iFix1. An authenticated user could obtain sensitive information from log files. Remediation: upgrade to v2.3.4.0 (Intel) or v2.3.5.0 (...

6.5CVSS4.3AI score0.00306EPSS
CVE
CVE
added 2025/03/27 5:21 p.m.58 views

CVE-2023-38272

IBM Cloud Pak System vulnerabilities CVE-2023-38272 affect versions 2.3.3.0 through 2.3.4.1. The issue could allow a user with network access to read sensitive information from CLI arguments, indicating a information disclosure flaw in CLI handling. The connected IBM bulletin confirms the impact ...

7.5CVSS5.4AI score0.00326EPSS
CVE
CVE
added 2025/03/27 5:20 p.m.57 views

CVE-2023-37405

IBM Cloud Pak System stores sensitive data in memory across versions 2.3.3.0 through 2.3.4.1, enabling potential unauthorized access (information disclosure). The issue is documented as CVE-2023-37405 with CVSS v3.1 Base Score 6.5 (Impact: Confidentiality High, others None). Remediation: for Inte...

6.5CVSS6.3AI score0.00215EPSS
CVE
CVE
added 2025/01/25 1:55 p.m.57 views

CVE-2023-38714

CVE-2023-38714 affects IBM Cloud Pak System versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1, with the issue described as disclosing sensitive information about the system that could aid in further attacks. The IBM secur...

7.5CVSS5AI score0.00314EPSS
CVE
CVE
added 2025/01/25 1:55 p.m.56 views

CVE-2023-38013

IBM Cloud Pak System exposed information-disclosure in HTTP responses affecting versions 2.3.3.0, 2.3.3.3/3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6 (including iFix1/2), 2.3.3.7 and corresponding iFixes. Root cause: information disclosure in HTTP responses that could aid further attacks. Remediation per ...

7.5CVSS5.1AI score0.00314EPSS
CVE
CVE
added 2025/01/25 1:48 p.m.56 views

CVE-2023-38716

CVE-2023-38716 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.6 (iFix1/iFix2), 2.3.3.7 (and iFix1), and 2.3.4.0. IBM’s bulletin assigns CWE-209 (information exposure via error messages) and notes potential disclosure of system information that could aid subsequent attacks. Remediation varie...

7.5CVSS5AI score0.00314EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.51 views

CVE-2020-4912

CVE-2020-4912 affects IBM Cloud Pak System 2.3, specifically the Self Service Console. The vulnerability allows privilege escalation by capturing the user request URL when a privileged user is logged in. This is supported by multiple sources in the connected set (NVD entry for CVE-2020-4912 and C...

7.2CVSS7.2AI score0.01053EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.50 views

CVE-2020-4919

CVE-2020-4919 affects IBM Cloud Pak System 2.3, where insufficient logout controls can let an authenticated privileged user impersonate another user. Root cause: inadequate session/logout handling on the system. The entry is supported by multiple sources (NVD/CVE, CNVD/Prion) indicating the same ...

5.5CVSS4.9AI score0.00623EPSS
CVE
CVE
added 2024/02/02 2:26 p.m.49 views

CVE-2023-38273

CVE-2023-38273 affects IBM Cloud Pak System components: Cloud Pak System version 2.3.1.1, 2.3.2.0 (Power), and 2.3.3.7 (Power) as well as related Intel lines 2.3.3.0–2.3.3.6. Root cause is an inadequate account lockout setting that could allow a remote attacker to brute-force credentials. Impact ...

7.5CVSS7.2AI score0.00674EPSS
CVE
CVE
added 2019/12/10 4:10 p.m.48 views

CVE-2019-4095

CVE-2019-4095 affects IBM Cloud Pak System 2.3 (including 2.3.0.1) and is due to a cross-site request forgery that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. IBM X-Force ID: 158015. The IBM Security Bulletin confirms the vulnerability and lists...

5.3CVSS5.5AI score0.00403EPSS
CVE
CVE
added 2019/12/03 2:55 p.m.48 views

CVE-2019-4468

CVE-2019-4468 affects IBM Cloud Pak System 2.3 and 2.3.0.1, where the Platform System Manager Web UI is vulnerable to cross-site scripting (XSS). The vulnerability allows arbitrary JavaScript execution within a trusted session, potentially leading to credentials disclosure. The IBM Security Bulle...

5.4CVSS5.5AI score0.00561EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.47 views

CVE-2020-4917

CVE-2020-4917 affects IBM Cloud Pak System 2.3 and describes a cross-site request forgery vulnerability that could let an attacker perform malicious actions on behalf of a trusted user. The issue is documented with the affected product/version and the stated impact (unauthorized actions transmitt...

8.8CVSS8.4AI score0.00425EPSS
CVE
CVE
added 2019/12/03 2:55 p.m.46 views

CVE-2019-4465

CVE-2019-4465 affects IBM Cloud Pak System 2.3 and 2.3.0.1, where Web pages can be stored locally and read by another user on the same system. This is due to a local storage flaw in Cloud Pak System Manager. Impact is information exposure of stored web pages. Remediation: upgrade to Cloud Pak Sys...

4CVSS4.3AI score0.00316EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.46 views

CVE-2020-4916

The CVE-2020-4916 entry applies to IBM Cloud Pak System 2.3, where a cross-site scripting vulnerability in the Web UI allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The problem is tied to the IBM Cloud Pak System 2.3 stack (Web UI co...

5.5CVSS5.2AI score0.00654EPSS
CVE
CVE
added 2021/07/20 5:10 p.m.46 views

CVE-2021-20478

CVE-2021-20478 affects IBM Cloud Pak System (V2.3). The vulnerability allows a local user to view artifacts belonging to another user in the self-service console. Affected: IBM Cloud Pak System from V2.3.3.0 through V2.3.3.3. Remediation: upgrade to V2.3.3.3 or apply Interim Fix 1 for 2.3.3.x as ...

4CVSS3.7AI score0.00237EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.45 views

CVE-2020-4910

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting in the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected product/version: IBM Cloud Pak System 2.3. Remediation: upgrade to Cloud Pak System v2.3.3.3 (pe...

4.8CVSS5.2AI score0.00545EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.45 views

CVE-2020-4913

CVE-2020-4913 affects IBM Cloud Pak System 2.3. An information-disclosure issue could let a local privileged user view credential data via HTTP responses, exposing partial confidentiality with HIGH impact to credentials information. The known remediation per IBM notes is to upgrade to a fixed Clo...

4.4CVSS5AI score0.00302EPSS
CVE
CVE
added 2019/12/10 4:10 p.m.44 views

CVE-2019-4521

The CVE-2019-4521 issue affects IBM Cloud Pak System Platform System Manager (2.3) and is caused by improper validation of CSV file contents, leading to CVS Injection that could allow a remote attacker to execute arbitrary commands over the network. IBM’s bulletin confirms the affected versions (...

10CVSS9.3AI score0.02612EPSS
CVE
CVE
added 2019/12/03 2:55 p.m.43 views

CVE-2019-4098

CVE-2019-4098 affects IBM Cloud Pak System 2.3 and 2.3.0.1, with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM advisory (and related IBM X-Force reference) confir...

5.4CVSS5.1AI score0.00561EPSS
CVE
CVE
added 2019/12/03 2:55 p.m.43 views

CVE-2019-4226

Affected product: IBM Cloud Pak System 2.3 and 2.3.0.1. Vulnerability: Cross-site scripting in the Web UI that can inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Impact (as stated): manipulation of UI and credential exposure; CVSS v3.0 base sc...

5.4CVSS5.5AI score0.00561EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.42 views

CVE-2020-4909

CVE-2020-4909 affects IBM Cloud Pak System 2.3. It describes a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected product: IBM Cloud Pak System 2.3. Remediation provided...

4.8CVSS5.2AI score0.00545EPSS
CVE
CVE
added 2019/12/03 2:55 p.m.41 views

CVE-2019-4130

CVE-2019-4130 affects IBM Cloud Pak System 2.3 and 2.3.0.1, allowing a remote attacker to upload arbitrary files and potentially execute arbitrary code on the vulnerable server. The IBM Security Bulletin corroborates this issue and provides affected versions and recommended fixes. The remediation...

9CVSS8.7AI score0.01957EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.41 views

CVE-2020-4918

IBM Cloud Pak System 2.3 contains an information-disclosure flaw stemming from an insecure direct object reference in the Sales and Service Console of the Platform System Manager. A local privileged user could disclose sensitive data. Affected versions: Cloud Pak System 2.3 (per CVE-2020-4918). C...

4.4CVSS5AI score0.00294EPSS
CVE
CVE
added 2019/12/03 2:55 p.m.40 views

CVE-2019-4467

IBM Cloud Pak System Platform System Manager (Cloud Pak System) is affected by CVE-2019-4467, with vulnerable versions 2.3 and 2.3.0.1. The issue is a cross-site scripting (XSS) vulnerability in the Web UI that can allow an attacker to embed arbitrary JavaScript, potentially leading to credential...

5.4CVSS5.5AI score0.00561EPSS
CVE
CVE
added 2021/01/04 2:0 p.m.39 views

CVE-2020-4928

IBM Cloud Pak System 2.3 is affected by CVE-2020-4928, where a local privileged attacker can upload arbitrary files by intercepting requests and modifying the file extension, potentially enabling arbitrary code execution on the server. The vulnerability affects the IBM Cloud Pak System 2.3 line a...

6.7CVSS7.1AI score0.00353EPSS
CVE
CVE
added 2025/06/27 2:48 p.m.35 views

CVE-2023-38007

CVE-2023-38007 affects IBM Cloud Pak System versions on Power (2.3.5.0; 2.3.3.7 with iFix1) and Intel (2.3.3.6 with iFix1/2; 2.3.4.0/2.3.4.1). Root cause is HTML injection (XSS) in the web UI, allowing a remote attacker to inject malicious HTML that runs in the browser within the hosting site's s...

5.4CVSS6.5AI score0.00212EPSS
CVE
CVE
added 2025/06/30 2:39 p.m.23 views

CVE-2025-2895

IBM Cloud Pak System is affected by HTML injection (CVE-2025-2895) in the following versions: 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1. The vulnerability enables a remote attacker to inject HTML that executes in the victim’s browser within the hosting sit...

5.4CVSS6.5AI score0.00199EPSS
CVE
CVE
added 2026/02/17 9:49 p.m.19 views

CVE-2023-38005

CVE-2023-38005 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. An authenticated user could perform unauthorized tasks due to improper access controls (CWE-284). IBM’s bulletin combines this with CVE-2023-38265; the base score for CVE-2023-38005 is 4.3 (Mediu...

4.3CVSS5.5AI score0.00207EPSS
CVE
CVE
added 2026/02/04 8:45 p.m.15 views

CVE-2023-38281

CVE-2023-38281 affects IBM Cloud Pak System. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing cookies to be exposed if a user visits an http link or if a link is planted on a site, enabling traffic snooping. Affected products/versions i...

5.3CVSS5.4AI score0.00285EPSS
CVE
CVE
added 2026/02/04 8:44 p.m.14 views

CVE-2023-38017

CVE-2023-38017 affects IBM Cloud Pak System and related IBM Cloud Pak components, with a cross-site scripting vulnerability in the Web UI that could allow arbitrary JavaScript execution and credentials disclosure in a trusted session. Publicly documented details show affected versions for IBM Clo...

5.3CVSS5AI score0.00285EPSS
CVE
CVE
added 2026/02/17 7:6 p.m.14 views

CVE-2023-38265

CVE-2023-38265 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. The issue is improper access control that allows information disclosure through directory listing, exposing folder location details to unauthenticated attackers and potentially aiding further att...

5.3CVSS5.5AI score0.00206EPSS
CVE
CVE
added 2026/02/04 8:24 p.m.11 views

CVE-2023-38010

Technical details about CVE-2023-38010 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

7.5CVSS5.2AI score0.00292EPSS