CVE-2021-39089 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2021-39089
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216387 https://www.ibm.com/support/pages/node/6856405 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-39011 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2021-39011
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213645 https://www.ibm.com/support/pages/node/6856403 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-36776
https://notcve.org/view.php?id=CVE-2022-36776
IBM Cloud Pak for Security (CP4S) 1.10.0.0 79 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233663 https://www.ibm.com/support/pages/node/6833574 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38385
https://notcve.org/view.php?id=CVE-2022-38385
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233777 https://www.ibm.com/support/pages/node/6833586 • CWE-20: Improper Input Validation •
CVE-2022-38387
https://notcve.org/view.php?id=CVE-2022-38387
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233786 https://www.ibm.com/support/pages/node/6833584 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •