NotCVE - vendor:"Ibm" product:"Cloud Pak System" version:" >= 2.3.3.0 <= 2.3.3.6"

12 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-38273 – IBM Cloud Pak System information disclosure

https://notcve.org/view.php?id=CVE-2023-38273

IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. IBM Cloud Pak System 2.3.1.1, 2.3.2.0 y 2.3.3.7 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 260733. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260733 https://www.ibm.com/support/pages/node/7105357 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4914 – IBM Cloud Pak System Software Suite session fixation

https://notcve.org/view.php?id=CVE-2020-4914

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191290 https://www.ibm.com/support/pages/node/6967181 • CWE-613: Insufficient Session Expiration •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-20479

https://notcve.org/view.php?id=CVE-2021-20479

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498. IBM Cloud Pak System versiones 2.3.0 hasta 2.3.3.3 Interim Fix 1, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 197498 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197498 https://www.ibm.com/support/pages/node/6562263 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4928

https://notcve.org/view.php?id=CVE-2020-4928

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. IBM Cloud Pak System versión 2.3, podría permitir a un atacante privilegiado local cargar archivos arbitrarios. Al interceptar la petición y modificar la extensión del archivo, el atacante podría ejecutar código arbitrario en el servidor. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191705 https://www.ibm.com/support/pages/node/6393554 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4919

https://notcve.org/view.php?id=CVE-2020-4919

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. IBM Cloud Pak System versión 2.3, presenta controles de cierre de sesión insuficientes que podrían permitir a un usuario privilegiado autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 191395. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191395 https://www.ibm.com/support/pages/node/6393554 •

1 2 3