CVE-2023-46175 – IBM Cloud Pak for Multicloud Management information disclosure
https://notcve.org/view.php?id=CVE-2023-46175
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. • https://www.ibm.com/support/pages/node/7170411 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-42438 – IBM Cloud Pak for Multicloud Management Monitoring privilege escalation
https://notcve.org/view.php?id=CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238210 https://www.ibm.com/support/pages/node/6909427 • CWE-425: Direct Request ('Forced Browsing') •
CVE-2021-38941
https://notcve.org/view.php?id=CVE-2021-38941
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. IBM CloudPak for Multicloud Monitoring versiones 2.0 y 2.3, presenta algunos contenedores que son ejecutados en modo privilegiado, lo que es vulnerable a un filtrado de información del host o a una destrucción si el acceso no autorizado a estos contenedores pudiera ejecutar comandos arbitrarios. IBM X-Force ID: 211048 • https://exchange.xforce.ibmcloud.com/vulnerabilities/211048 https://www.ibm.com/support/pages/node/6599639 •
CVE-2020-4765
https://notcve.org/view.php?id=CVE-2020-4765
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902. IBM Cloud Pak for Multicloud Management anterior a versión 2.3, permite a unas páginas web ser almacenadas localmente para que pueda ser leídas por otro usuario en el sistema. IBM X-Force ID: 188902 • https://exchange.xforce.ibmcloud.com/vulnerabilities/188902 https://www.ibm.com/support/pages/node/6454019 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2021-20341
https://notcve.org/view.php?id=CVE-2021-20341
IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. IBM Cloud Pak para Multicloud Management Monitoring versión 2.2, devuelve información potencialmente confidencial en encabezados que podrían conllevar a nuevos ataques contra el sistema. IBM X-Force ID: 194513 • https://exchange.xforce.ibmcloud.com/vulnerabilities/194513 https://www.ibm.com/support/pages/node/6426997 •