Ibm

Cloud Pak For Security

53 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-39013

  • EPSS 0.16%
  • Published 22.12.2021 17:15:09
  • Last modified 21.11.2024 06:18:24

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.

7.5

CVE-2021-29894

  • EPSS 0.1%
  • Published 30.09.2021 17:15:07
  • Last modified 21.11.2024 06:01:57

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

9.8

CVE-2021-20578

  • EPSS 0.11%
  • Published 30.09.2021 17:15:07
  • Last modified 21.11.2024 05:46:48

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.

4.9

CVE-2021-29697

  • EPSS 0.15%
  • Published 02.08.2021 17:15:14
  • Last modified 21.11.2024 06:01:39

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.

9

CVE-2021-29696

  • EPSS 0.49%
  • Published 02.08.2021 17:15:14
  • Last modified 21.11.2024 06:01:39

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

5.3

CVE-2021-20541

  • EPSS 0.17%
  • Published 02.08.2021 17:15:13
  • Last modified 21.11.2024 05:46:44

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. I...

5.3

CVE-2021-20540

  • EPSS 0.19%
  • Published 02.08.2021 17:15:13
  • Last modified 21.11.2024 05:46:44

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. I...

5.3

CVE-2021-20539

  • EPSS 0.17%
  • Published 02.08.2021 17:15:13
  • Last modified 21.11.2024 05:46:44

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. I...

5.9

CVE-2021-20564

  • EPSS 0.07%
  • Published 14.05.2021 17:15:07
  • Last modified 21.11.2024 05:46:46

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this v...

4

CVE-2020-4811

  • EPSS 0.08%
  • Published 14.05.2021 17:15:07
  • Last modified 21.11.2024 05:33:16

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.