Ibm

Cloud Pak System

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2020-4919

  • EPSS 0.14%
  • Veröffentlicht 04.01.2021 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:33:25

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.

4.4

CVE-2020-4918

  • EPSS 0.04%
  • Veröffentlicht 04.01.2021 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:33:25

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.

4.8

CVE-2020-4910

  • EPSS 0.21%
  • Veröffentlicht 04.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:24

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...

4.8

CVE-2020-4909

  • EPSS 0.16%
  • Veröffentlicht 04.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:24

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...

7.2

CVE-2020-4912

  • EPSS 0.31%
  • Veröffentlicht 04.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:24

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

4.4

CVE-2020-4913

  • EPSS 0.04%
  • Veröffentlicht 04.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:25

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.

4.8

CVE-2020-4916

  • EPSS 0.18%
  • Veröffentlicht 04.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:25

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s...

8.8

CVE-2020-4917

  • EPSS 0.11%
  • Veröffentlicht 04.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:25

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.

10

CVE-2019-4521

  • EPSS 1.04%
  • Veröffentlicht 10.12.2019 16:15:13
  • Zuletzt bearbeitet 21.11.2024 04:43:41

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.

4.3

CVE-2019-4095

  • EPSS 0.13%
  • Veröffentlicht 10.12.2019 16:15:13
  • Zuletzt bearbeitet 21.11.2024 04:43:10

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.