36 matches found
CVE-2021-20479
IBM Cloud Pak System 2.3.0–2.3.3.3 Interim Fix 1 uses weaker cryptographic algorithms, potentially allowing decryption of highly sensitive information. Impact is confidentiality (HIGH); attack vector is NETWORK with no authentication required. Upgrade to IBM Cloud Pak System 2.3.3.4 (fix availabl...
CVE-2023-38713
CVE-2023-38713 affects IBM Cloud Pak System versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1, where a vulnerability could disclose sensitive information about the system. The issue is acknowledged across multiple sources...
CVE-2023-38012
CVE-2023-38012 affects IBM Cloud Pak System versions 2.3.3.6–2.3.4.0. A path traversal flaw allows a remote attacker to view arbitrary system files by crafting URL requests containing "dot dot" sequences (/../). IBM and CVE records cite the impact as directory traversal with CVSS v3.1 base score ...
CVE-2020-4914
The CVE-2020-4914 issue affects IBM Cloud Pak System Software Suite 2.3.3.0–2.3.3.5, where sessions are not invalidated on logout, potentially allowing a local user to impersonate another user. This vulnerability concerns the logout/session handling component in IBM Cloud Pak System UI and REST A...
CVE-2023-38271
CVE-2023-38271 affects IBM Cloud Pak System versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 and 2.3.3.7 iFix1. An authenticated user could obtain sensitive information from log files. Remediation: upgrade to v2.3.4.0 (Intel) or v2.3.5.0 (...
CVE-2023-38272
IBM Cloud Pak System vulnerabilities CVE-2023-38272 affect versions 2.3.3.0 through 2.3.4.1. The issue could allow a user with network access to read sensitive information from CLI arguments, indicating a information disclosure flaw in CLI handling. The connected IBM bulletin confirms the impact ...
CVE-2023-37405
IBM Cloud Pak System stores sensitive data in memory across versions 2.3.3.0 through 2.3.4.1, enabling potential unauthorized access (information disclosure). The issue is documented as CVE-2023-37405 with CVSS v3.1 Base Score 6.5 (Impact: Confidentiality High, others None). Remediation: for Inte...
CVE-2023-38714
CVE-2023-38714 affects IBM Cloud Pak System versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1, with the issue described as disclosing sensitive information about the system that could aid in further attacks. The IBM secur...
CVE-2023-38013
IBM Cloud Pak System exposed information-disclosure in HTTP responses affecting versions 2.3.3.0, 2.3.3.3/3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6 (including iFix1/2), 2.3.3.7 and corresponding iFixes. Root cause: information disclosure in HTTP responses that could aid further attacks. Remediation per ...
CVE-2023-38716
CVE-2023-38716 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.6 (iFix1/iFix2), 2.3.3.7 (and iFix1), and 2.3.4.0. IBM’s bulletin assigns CWE-209 (information exposure via error messages) and notes potential disclosure of system information that could aid subsequent attacks. Remediation varie...
CVE-2020-4912
CVE-2020-4912 affects IBM Cloud Pak System 2.3, specifically the Self Service Console. The vulnerability allows privilege escalation by capturing the user request URL when a privileged user is logged in. This is supported by multiple sources in the connected set (NVD entry for CVE-2020-4912 and C...
CVE-2020-4919
CVE-2020-4919 affects IBM Cloud Pak System 2.3, where insufficient logout controls can let an authenticated privileged user impersonate another user. Root cause: inadequate session/logout handling on the system. The entry is supported by multiple sources (NVD/CVE, CNVD/Prion) indicating the same ...
CVE-2019-4095
CVE-2019-4095 affects IBM Cloud Pak System 2.3 (including 2.3.0.1) and is due to a cross-site request forgery that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. IBM X-Force ID: 158015. The IBM Security Bulletin confirms the vulnerability and lists...
CVE-2023-38273
CVE-2023-38273 affects IBM Cloud Pak System components: Cloud Pak System version 2.3.1.1, 2.3.2.0 (Power), and 2.3.3.7 (Power) as well as related Intel lines 2.3.3.0–2.3.3.6. Root cause is an inadequate account lockout setting that could allow a remote attacker to brute-force credentials. Impact ...
CVE-2019-4468
CVE-2019-4468 affects IBM Cloud Pak System 2.3 and 2.3.0.1, where the Platform System Manager Web UI is vulnerable to cross-site scripting (XSS). The vulnerability allows arbitrary JavaScript execution within a trusted session, potentially leading to credentials disclosure. The IBM Security Bulle...
CVE-2020-4916
The CVE-2020-4916 entry applies to IBM Cloud Pak System 2.3, where a cross-site scripting vulnerability in the Web UI allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The problem is tied to the IBM Cloud Pak System 2.3 stack (Web UI co...
CVE-2020-4917
CVE-2020-4917 affects IBM Cloud Pak System 2.3 and describes a cross-site request forgery vulnerability that could let an attacker perform malicious actions on behalf of a trusted user. The issue is documented with the affected product/version and the stated impact (unauthorized actions transmitt...
CVE-2019-4465
CVE-2019-4465 affects IBM Cloud Pak System 2.3 and 2.3.0.1, where Web pages can be stored locally and read by another user on the same system. This is due to a local storage flaw in Cloud Pak System Manager. Impact is information exposure of stored web pages. Remediation: upgrade to Cloud Pak Sys...
CVE-2020-4913
CVE-2020-4913 affects IBM Cloud Pak System 2.3. An information-disclosure issue could let a local privileged user view credential data via HTTP responses, exposing partial confidentiality with HIGH impact to credentials information. The known remediation per IBM notes is to upgrade to a fixed Clo...
CVE-2021-20478
CVE-2021-20478 affects IBM Cloud Pak System (V2.3). The vulnerability allows a local user to view artifacts belonging to another user in the self-service console. Affected: IBM Cloud Pak System from V2.3.3.0 through V2.3.3.3. Remediation: upgrade to V2.3.3.3 or apply Interim Fix 1 for 2.3.3.x as ...
CVE-2020-4910
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting in the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected product/version: IBM Cloud Pak System 2.3. Remediation: upgrade to Cloud Pak System v2.3.3.3 (pe...
CVE-2019-4226
Affected product: IBM Cloud Pak System 2.3 and 2.3.0.1. Vulnerability: Cross-site scripting in the Web UI that can inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Impact (as stated): manipulation of UI and credential exposure; CVSS v3.0 base sc...
CVE-2019-4521
The CVE-2019-4521 issue affects IBM Cloud Pak System Platform System Manager (2.3) and is caused by improper validation of CSV file contents, leading to CVS Injection that could allow a remote attacker to execute arbitrary commands over the network. IBM’s bulletin confirms the affected versions (...
CVE-2019-4098
CVE-2019-4098 affects IBM Cloud Pak System 2.3 and 2.3.0.1, with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM advisory (and related IBM X-Force reference) confir...
CVE-2020-4909
CVE-2020-4909 affects IBM Cloud Pak System 2.3. It describes a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected product: IBM Cloud Pak System 2.3. Remediation provided...
CVE-2019-4130
CVE-2019-4130 affects IBM Cloud Pak System 2.3 and 2.3.0.1, allowing a remote attacker to upload arbitrary files and potentially execute arbitrary code on the vulnerable server. The IBM Security Bulletin corroborates this issue and provides affected versions and recommended fixes. The remediation...
CVE-2019-4467
IBM Cloud Pak System Platform System Manager (Cloud Pak System) is affected by CVE-2019-4467, with vulnerable versions 2.3 and 2.3.0.1. The issue is a cross-site scripting (XSS) vulnerability in the Web UI that can allow an attacker to embed arbitrary JavaScript, potentially leading to credential...
CVE-2020-4918
IBM Cloud Pak System 2.3 contains an information-disclosure flaw stemming from an insecure direct object reference in the Sales and Service Console of the Platform System Manager. A local privileged user could disclose sensitive data. Affected versions: Cloud Pak System 2.3 (per CVE-2020-4918). C...
CVE-2020-4928
IBM Cloud Pak System 2.3 is affected by CVE-2020-4928, where a local privileged attacker can upload arbitrary files by intercepting requests and modifying the file extension, potentially enabling arbitrary code execution on the server. The vulnerability affects the IBM Cloud Pak System 2.3 line a...
CVE-2023-38007
CVE-2023-38007 affects IBM Cloud Pak System versions on Power (2.3.5.0; 2.3.3.7 with iFix1) and Intel (2.3.3.6 with iFix1/2; 2.3.4.0/2.3.4.1). Root cause is HTML injection (XSS) in the web UI, allowing a remote attacker to inject malicious HTML that runs in the browser within the hosting site's s...
CVE-2025-2895
IBM Cloud Pak System is affected by HTML injection (CVE-2025-2895) in the following versions: 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1. The vulnerability enables a remote attacker to inject HTML that executes in the victim’s browser within the hosting sit...
CVE-2023-38005
CVE-2023-38005 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. An authenticated user could perform unauthorized tasks due to improper access controls (CWE-284). IBM’s bulletin combines this with CVE-2023-38265; the base score for CVE-2023-38005 is 4.3 (Mediu...
CVE-2023-38281
CVE-2023-38281 affects IBM Cloud Pak System. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing cookies to be exposed if a user visits an http link or if a link is planted on a site, enabling traffic snooping. Affected products/versions i...
CVE-2023-38017
CVE-2023-38017 affects IBM Cloud Pak System and related IBM Cloud Pak components, with a cross-site scripting vulnerability in the Web UI that could allow arbitrary JavaScript execution and credentials disclosure in a trusted session. Publicly documented details show affected versions for IBM Clo...
CVE-2023-38265
CVE-2023-38265 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. The issue is improper access control that allows information disclosure through directory listing, exposing folder location details to unauthenticated attackers and potentially aiding further att...
CVE-2023-38010
Technical details about CVE-2023-38010 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.