CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38271 – IBM Cloud Pak System information disclosure
https://notcve.org/view.php?id=CVE-2023-38271
25 Jan 2025 — IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files. • https://www.ibm.com/support/pages/node/7159533 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38713 – IBM Cloud Pak System information disclosure
https://notcve.org/view.php?id=CVE-2023-38713
25 Jan 2025 — IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7159533 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38714 – IBM Cloud Pak System information disclosure
https://notcve.org/view.php?id=CVE-2023-38714
25 Jan 2025 — IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7159533 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38013 – IBM Cloud Pak System information disclosure
https://notcve.org/view.php?id=CVE-2023-38013
25 Jan 2025 — IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7159533 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38012 – IBM Cloud Pak System directory traversal
https://notcve.org/view.php?id=CVE-2023-38012
25 Jan 2025 — IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7148474 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38716 – IBM Cloud Pak System information disclosure
https://notcve.org/view.php?id=CVE-2023-38716
25 Jan 2025 — IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7148474 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38273 – IBM Cloud Pak System information disclosure
https://notcve.org/view.php?id=CVE-2023-38273
02 Feb 2024 — IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. IBM Cloud Pak System 2.3.1.1, 2.3.2.0 y 2.3.3.7 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 260733. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260733 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4914 – IBM Cloud Pak System Software Suite session fixation
https://notcve.org/view.php?id=CVE-2020-4914
05 May 2023 — IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191290 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20479
https://notcve.org/view.php?id=CVE-2021-20479
09 May 2022 — IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498. IBM Cloud Pak System versiones 2.3.0 hasta 2.3.3.3 Interim Fix 1, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 197498 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197498 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20478
https://notcve.org/view.php?id=CVE-2021-20478
20 Jul 2021 — IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. IBM Cloud Pak System versión 2.3, podría permitir a un usuario local en algunas situaciones visualizar los artefactos de otro usuario en la consola de autoservicio. IBM X-Force ID: 197497 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197497 •