CVE-2021-39013
https://notcve.org/view.php?id=CVE-2021-39013
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651. IBM Cloud Pak for Security (CP4S) versiones 1.7.2.0, 1.7.1.0 y 1.7.0.0, podría permitir que un usuario autenticado obtuviera información confidencial en las respuestas HTTP que podría ser usada en otros ataques contra el sistema. IBM X-Force ID: 213651 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213651 https://www.ibm.com/support/pages/node/6529200 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-29894
https://notcve.org/view.php?id=CVE-2021-29894
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. IBM Cloud Pak for Security (CP4S) versiones 1.7.0.0, 1.7.1.0, 1.7.2.0 y 1.8.0.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 207320 • https://exchange.xforce.ibmcloud.com/vulnerabilities/207320 https://www.ibm.com/support/pages/node/6493729 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-20578
https://notcve.org/view.php?id=CVE-2021-20578
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. IBM Cloud Pak for Security (CP4S) versiones 1.7.0.0, 1.7.1.0, 1.7.2.0 y 1.8.0.0, podría permitir a un atacante llevar a cabo acciones no autorizadas debido a controles de autenticación inapropiados o ausentes. IBM X-Force ID: 199282 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199282 https://www.ibm.com/support/pages/node/6493729 • CWE-287: Improper Authentication •