Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20565 | 1 Ibm | 1 Cloud Pak For Security | 2021-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 199236. | |||||
| CVE-2021-20538 | 1 Ibm | 1 Cloud Pak For Security | 2021-05-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919. | |||||
| CVE-2021-20577 | 1 Ibm | 1 Cloud Pak For Security | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199281. | |||||
| CVE-2020-4628 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369. | |||||
| CVE-2020-4815 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | |||||
| CVE-2020-4967 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425. | |||||
| CVE-2020-4820 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2020-4624 | 1 Ibm | 1 Cloud Pak For Security | 2020-11-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. | |||||