Cloud Pak For Security Security Vulnerabilities and Issues — Cloud Pak For Security CVE List

Lucene search

IbmCloud Pak For Security

8 matches found

CVE•added 2024/04/03 12:15 p.m.•63 views

CVE-2024-28782

IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.

6.5CVSS6.1AI score0.0003EPSS

CVE•added 2023/11/22 7:15 p.m.•53 views

CVE-2022-36777

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

6.5CVSS5.2AI score0.00079EPSS

CVE•added 2023/01/20 7:15 p.m.•50 views

CVE-2021-39089

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.

6.5CVSS5AI score0.00081EPSS

CVE•added 2021/12/22 5:15 p.m.•49 views

CVE-2021-39013

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.

6.5CVSS6AI score0.00162EPSS

CVE•added 2025/06/03 4:15 p.m.•47 views

CVE-2025-25019

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.

6.5CVSS5AI score0.00038EPSS

CVE•added 2025/06/03 4:15 p.m.•40 views

CVE-2025-25020

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.

6.5CVSS6.6AI score0.00071EPSS

CVE•added 2021/01/27 1:15 p.m.•32 views

CVE-2020-4820

IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS5.9AI score0.00188EPSS

CVE•added 2021/05/10 5:15 p.m.•32 views

CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

6.1CVSS6.1AI score0.00172EPSS