Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmCloud Pak System

9 matches found

CVE
CVEadded 2021/01/04 2:15 p.m.35 views

CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

7.2CVSS7.2AI score0.00309EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.35 views

CVE-2020-4919

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.

5.5CVSS4.9AI score0.00137EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.34 views

CVE-2020-4916

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.

5.5CVSS5.2AI score0.00178EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.33 views

CVE-2020-4910

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.

4.8CVSS5.2AI score0.00213EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.33 views

CVE-2020-4917

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.

8.8CVSS8.4AI score0.00109EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.32 views

CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.

4.4CVSS5AI score0.00043EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.31 views

CVE-2020-4909

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.

4.8CVSS5.2AI score0.00162EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.30 views

CVE-2020-4918

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.

4.4CVSS5AI score0.0004EPSS
CVE
CVEadded 2021/01/04 2:15 p.m.26 views

CVE-2020-4928

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.

6.7CVSS7.1AI score0.00068EPSS