CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4928
https://notcve.org/view.php?id=CVE-2020-4928
04 Jan 2021 — IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. IBM Cloud Pak System versión 2.3, podría permitir a un atacante privilegiado local cargar archivos arbitrarios. Al interceptar la petición y modificar la extensión del archivo, el atacante podría ejecutar código arbitrario en el servidor. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191705 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4919
https://notcve.org/view.php?id=CVE-2020-4919
04 Jan 2021 — IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. IBM Cloud Pak System versión 2.3, presenta controles de cierre de sesión insuficientes que podrían permitir a un usuario privilegiado autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 191395. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191395 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4918
https://notcve.org/view.php?id=CVE-2020-4918
04 Jan 2021 — IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392. IBM Cloud Pak System versión 2.3, podría permitir a un usuario privilegiado local divulgar información confidencial debido a una referencia directa a objeto no segura en la consola de servicio de venta para el Platform System Manager. IBM X-Force ID: 191392. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191392 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4917
https://notcve.org/view.php?id=CVE-2020-4917
04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. IBM Cloud Pak System versión 2.3, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 191391. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191391 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4916
https://notcve.org/view.php?id=CVE-2020-4916
04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390. IBM Cloud Pak System versión 2.3, es vulnerable a un ataque de tipo cross site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionali... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4913
https://notcve.org/view.php?id=CVE-2020-4913
04 Jan 2021 — IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. IBM Cloud Pak System versión 2.3, podría revelar información de credenciales en la respuesta HTTP para un usuario privilegiado local. IBM X-Force ID: 191288. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191288 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4912
https://notcve.org/view.php?id=CVE-2020-4912
04 Jan 2021 — IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287. Self Service Console de IBM Cloud Pak System versión 2.3, podría permitir una escalada de privilegios al capturar la URL de petición del usuario al iniciar sesión como usuario privilegiado. IBM X-Force ID: 191287. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191287 •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4910
https://notcve.org/view.php?id=CVE-2020-4910
04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274. IBM Cloud Pak System versión 2.3, es vulnerable a ataques de tipo cross site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalida... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4909
https://notcve.org/view.php?id=CVE-2020-4909
04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273. IBM Cloud Pak System versión 2.3, es vulnerable a ataques de tipo cross site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalida... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4521
https://notcve.org/view.php?id=CVE-2019-4521
10 Dec 2019 — Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179. Platform System Manager en IBM Cloud Pak System versión 2.3, es potencialmente vulnerable a una inyección CVS. Un atacante remoto podría ejecutar comandos arbitrarios sobre el sistema, causados ?? • https://exchange.xforce.ibmcloud.com/vulnerabilities/165179 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •