CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36776
https://notcve.org/view.php?id=CVE-2022-36776
IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. IBM Cloud Pak for Security (CP4S) 1.10.0.0 79 y 1.10.2.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la Web UI, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233663 https://www.ibm.com/support/pages/node/6833574 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38385
https://notcve.org/view.php?id=CVE-2022-38385
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.2.0 podría permitir que un usuario autenticado obtenga información altamente confidencial o realice acciones no autorizadas debido a una validación de entrada incorrecta. ID de IBM X-Force: 233777. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233777 https://www.ibm.com/support/pages/node/6833586 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38387
https://notcve.org/view.php?id=CVE-2022-38387
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. IBM Cloud Pak for Security (CP4S) 1.10.0.0 hasta 1.10.2.0 podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema enviando una solicitud especialmente manipulada. ID de IBM X-Force: 233786. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233786 https://www.ibm.com/support/pages/node/6833584 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •