IBM Cloud Pak System

31 matches found

added 2022/05/09 5:15 p.m. | 67 views

CVE-2021-20479

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.

CVSS 7.5 | AI score 7.2 | EPSS 0.00096

added 2025/01/25 2:15 p.m. | 60 views

CVE-2023-38713

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.

CVSS 5.3 | AI score 5 | EPSS 0.00038

added 2023/05/05 7:15 p.m. | 48 views

CVE-2020-4914

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.

CVSS 5.5 | AI score 4.6 | EPSS 0.00013

added 2025/01/25 2:15 p.m. | 45 views

CVE-2023-38012

IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS 5.3 | AI score 5.3 | EPSS 0.00062

added 2025/03/27 6:17 p.m. | 45 views

CVE-2023-38272

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.

CVSS 5.9 | AI score 5.4 | EPSS 0.00042

added 2025/01/25 2:15 p.m. | 44 views

CVE-2023-38714

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.

CVSS 5.3 | AI score 5 | EPSS 0.00038

added 2025/01/25 2:15 p.m. | 43 views

CVE-2023-38271

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.

CVSS 4.3 | AI score 4.3 | EPSS 0.00035

added 2025/01/25 2:15 p.m. | 43 views

CVE-2023-38716

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.

CVSS 5.3 | AI score 5 | EPSS 0.00038

added 2025/03/27 6:17 p.m. | 41 views

CVE-2023-37405

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.

CVSS 6.5 | AI score 6.3 | EPSS 0.00017

added 2025/01/25 2:15 p.m. | 40 views

CVE-2023-38013

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.

CVSS 5.3 | AI score 5.1 | EPSS 0.00038

added 2019/12/10 4:15 p.m. | 36 views

CVE-2019-4095

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.

CVSS 5.3 | AI score 5.5 | EPSS 0.00129

added 2021/01/04 2:15 p.m. | 35 views

CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

CVSS 7.2 | AI score 7.2 | EPSS 0.00309

added 2021/01/04 2:15 p.m. | 35 views

CVE-2020-4919

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.

CVSS 5.5 | AI score 4.9 | EPSS 0.00137

added 2019/12/03 3:15 p.m. | 34 views

CVE-2019-4468

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.

CVSS 5.4 | AI score 5.5 | EPSS 0.00239

added 2021/01/04 2:15 p.m. | 34 views

CVE-2020-4916

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.

CVSS 5.5 | AI score 5.2 | EPSS 0.00178

added 2019/12/03 3:15 p.m. | 33 views

CVE-2019-4226

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.

CVSS 5.4 | AI score 5.5 | EPSS 0.00239

added 2019/12/03 3:15 p.m. | 33 views

CVE-2019-4465

IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.

CVSS 4 | AI score 4.3 | EPSS 0.00081

added 2021/01/04 2:15 p.m. | 33 views

CVE-2020-4910

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.

CVSS 4.8 | AI score 5.2 | EPSS 0.00213

added 2021/01/04 2:15 p.m. | 33 views

CVE-2020-4917

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.

CVSS 8.8 | AI score 8.4 | EPSS 0.00109

added 2021/01/04 2:15 p.m. | 32 views

CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.

CVSS 4.4 | AI score 5 | EPSS 0.00043

added 2021/01/04 2:15 p.m. | 31 views

CVE-2020-4909

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.

CVSS 4.8 | AI score 5.2 | EPSS 0.00162

added 2024/02/02 3:15 p.m. | 31 views

CVE-2023-38273

IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.

CVSS 7.5 | AI score 7.2 | EPSS 0.0005

added 2019/12/03 3:15 p.m. | 30 views

CVE-2019-4098

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.

CVSS 5.4 | AI score 5.1 | EPSS 0.00239

added 2021/01/04 2:15 p.m. | 30 views

CVE-2020-4918

IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in self service console for the Platform System Manager. IBM X-Force ID: 191392.

CVSS 4.4 | AI score 5 | EPSS 0.0004

added 2019/12/03 3:15 p.m. | 29 views

CVE-2019-4467

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.

CVSS 5.4 | AI score 5.5 | EPSS 0.00239

added 2019/12/10 4:15 p.m. | 29 views

CVE-2019-4521

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 165179.

CVSS 10 | AI score 9.3 | EPSS 0.0104

added 2021/07/20 5:15 p.m. | 29 views

CVE-2021-20478

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.

CVSS 4 | AI score 3.7 | EPSS 0.00036

added 2019/12/03 3:15 p.m. | 28 views

CVE-2019-4130

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

CVSS 9 | AI score 8.7 | EPSS 0.01801

added 2021/01/04 2:15 p.m. | 26 views

CVE-2020-4928

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.

CVSS 6.7 | AI score 7.1 | EPSS 0.00068

added 2025/06/27 3:15 p.m. | 5 views

CVE-2023-38007

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser ...

CVSS 5.4 | AI score 6.5 | EPSS 0.00033

added 2025/06/30 3:15 p.m. | 4 views

CVE-2025-2895

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting si...

CVSS 5.4 | AI score 6.5 | EPSS 0.00033