CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-42438 – IBM Cloud Pak for Multicloud Management Monitoring privilege escalation
https://notcve.org/view.php?id=CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238210 https://www.ibm.com/support/pages/node/6909427 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38941
https://notcve.org/view.php?id=CVE-2021-38941
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. IBM CloudPak for Multicloud Monitoring versiones 2.0 y 2.3, presenta algunos contenedores que son ejecutados en modo privilegiado, lo que es vulnerable a un filtrado de información del host o a una destrucción si el acceso no autorizado a estos contenedores pudiera ejecutar comandos arbitrarios. IBM X-Force ID: 211048 • https://exchange.xforce.ibmcloud.com/vulnerabilities/211048 https://www.ibm.com/support/pages/node/6599639 •