Ibm

Cloud Pak For Security

53 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-39013

  • EPSS 0.16%
  • Veröffentlicht 22.12.2021 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:18:24

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.

7.5

CVE-2021-29894

  • EPSS 0.1%
  • Veröffentlicht 30.09.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:57

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

9.8

CVE-2021-20578

  • EPSS 0.11%
  • Veröffentlicht 30.09.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:48

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.

4.9

CVE-2021-29697

  • EPSS 0.15%
  • Veröffentlicht 02.08.2021 17:15:14
  • Zuletzt bearbeitet 21.11.2024 06:01:39

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.

9

CVE-2021-29696

  • EPSS 0.49%
  • Veröffentlicht 02.08.2021 17:15:14
  • Zuletzt bearbeitet 21.11.2024 06:01:39

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

5.3

CVE-2021-20541

  • EPSS 0.17%
  • Veröffentlicht 02.08.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:44

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. I...

5.3

CVE-2021-20540

  • EPSS 0.19%
  • Veröffentlicht 02.08.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:44

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. I...

5.3

CVE-2021-20539

  • EPSS 0.17%
  • Veröffentlicht 02.08.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:44

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. I...

5.9

CVE-2021-20564

  • EPSS 0.07%
  • Veröffentlicht 14.05.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:46

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this v...

4

CVE-2020-4811

  • EPSS 0.08%
  • Veröffentlicht 14.05.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:33:16

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.