CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

02 Feb 2024 — IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260733 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 May 2023 — IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate the session after logout, which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191290 • CWE-613: Insufficient Session Expiration

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 May 2022 — IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197498 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2021 — IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191705 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2021 — IBM Cloud Pak System 2.3 has insufficient logout controls, which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191395

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2021 — IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the self service console for the Platform System Manager. IBM X-Force ID: 191392. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191392 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191391 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2021 — IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2021 — IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191288 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2021 — IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191287