CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4912
https://notcve.org/view.php?id=CVE-2020-4912
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287. Self Service Console de IBM Cloud Pak System versión 2.3, podría permitir una escalada de privilegios al capturar la URL de petición del usuario al iniciar sesión como usuario privilegiado. IBM X-Force ID: 191287. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191287 https://www.ibm.com/support/pages/node/6393554 •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4910
https://notcve.org/view.php?id=CVE-2020-4910
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274. IBM Cloud Pak System versión 2.3, es vulnerable a ataques de tipo cross site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191274 https://www.ibm.com/support/pages/node/6393554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4909
https://notcve.org/view.php?id=CVE-2020-4909
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273. IBM Cloud Pak System versión 2.3, es vulnerable a ataques de tipo cross site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191273 https://www.ibm.com/support/pages/node/6393554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4521
https://notcve.org/view.php?id=CVE-2019-4521
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179. Platform System Manager en IBM Cloud Pak System versión 2.3, es potencialmente vulnerable a una inyección CVS. Un atacante remoto podría ejecutar comandos arbitrarios sobre el sistema, causados ?? • https://exchange.xforce.ibmcloud.com/vulnerabilities/165179 https://www.ibm.com/support/pages/node/1126605 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4095
https://notcve.org/view.php?id=CVE-2019-4095
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015. IBM Cloud Pak System versión 2.3, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario que confía en el sitio web. ID de IBM X-Force: 158015. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158015 https://www.ibm.com/support/pages/node/1126605 • CWE-352: Cross-Site Request Forgery (CSRF) •