CVE-2020-4919
https://notcve.org/view.php?id=CVE-2020-4919
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. IBM Cloud Pak System versión 2.3, presenta controles de cierre de sesión insuficientes que podrían permitir a un usuario privilegiado autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 191395. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191395 https://www.ibm.com/support/pages/node/6393554 •
CVE-2020-4918
https://notcve.org/view.php?id=CVE-2020-4918
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392. IBM Cloud Pak System versión 2.3, podría permitir a un usuario privilegiado local divulgar información confidencial debido a una referencia directa a objeto no segura en la consola de servicio de venta para el Platform System Manager. IBM X-Force ID: 191392. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191392 https://www.ibm.com/support/pages/node/6393554 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2020-4917
https://notcve.org/view.php?id=CVE-2020-4917
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. IBM Cloud Pak System versión 2.3, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 191391. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191391 https://www.ibm.com/support/pages/node/6393554 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-4916
https://notcve.org/view.php?id=CVE-2020-4916
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390. IBM Cloud Pak System versión 2.3, es vulnerable a un ataque de tipo cross site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191390 https://www.ibm.com/support/pages/node/6393554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4913
https://notcve.org/view.php?id=CVE-2020-4913
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. IBM Cloud Pak System versión 2.3, podría revelar información de credenciales en la respuesta HTTP para un usuario privilegiado local. IBM X-Force ID: 191288. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191288 https://www.ibm.com/support/pages/node/6393554 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •