CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38005 – Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
https://notcve.org/view.php?id=CVE-2023-38005
17 Feb 2026 — IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls. • https://www.ibm.com/support/pages/node/7259955 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38265 – Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
https://notcve.org/view.php?id=CVE-2023-38265
17 Feb 2026 — IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7259955 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38273 – IBM Cloud Pak System information disclosure
https://notcve.org/view.php?id=CVE-2023-38273
02 Feb 2024 — IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. IBM Cloud Pak System 2.3.1.1, 2.3.2.0 y 2.3.3.7 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 260733. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260733 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20479
https://notcve.org/view.php?id=CVE-2021-20479
09 May 2022 — IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498. IBM Cloud Pak System versiones 2.3.0 hasta 2.3.3.3 Interim Fix 1, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 197498 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197498 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4928
https://notcve.org/view.php?id=CVE-2020-4928
04 Jan 2021 — IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. IBM Cloud Pak System versión 2.3, podría permitir a un atacante privilegiado local cargar archivos arbitrarios. Al interceptar la petición y modificar la extensión del archivo, el atacante podría ejecutar código arbitrario en el servidor. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191705 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4919
https://notcve.org/view.php?id=CVE-2020-4919
04 Jan 2021 — IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. IBM Cloud Pak System versión 2.3, presenta controles de cierre de sesión insuficientes que podrían permitir a un usuario privilegiado autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 191395. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191395 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4918
https://notcve.org/view.php?id=CVE-2020-4918
04 Jan 2021 — IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392. IBM Cloud Pak System versión 2.3, podría permitir a un usuario privilegiado local divulgar información confidencial debido a una referencia directa a objeto no segura en la consola de servicio de venta para el Platform System Manager. IBM X-Force ID: 191392. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191392 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4917
https://notcve.org/view.php?id=CVE-2020-4917
04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. IBM Cloud Pak System versión 2.3, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 191391. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191391 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4916
https://notcve.org/view.php?id=CVE-2020-4916
04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390. IBM Cloud Pak System versión 2.3, es vulnerable a un ataque de tipo cross site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionali... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4913
https://notcve.org/view.php?id=CVE-2020-4913
04 Jan 2021 — IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. IBM Cloud Pak System versión 2.3, podría revelar información de credenciales en la respuesta HTTP para un usuario privilegiado local. IBM X-Force ID: 191288. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191288 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •