Vulnerabilities > IBM > Cloud PAK FOR Security
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-22 | CVE-2022-36777 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. | 6.5 |
| 2023-06-27 | CVE-2023-30993 | Information Exposure vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. | 7.5 |
| 2023-01-20 | CVE-2021-39011 | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. | 4.9 |
| 2023-01-20 | CVE-2021-39089 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. | 6.5 |
| 2022-11-15 | CVE-2022-38385 | Improper Input Validation vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. | 8.1 |
| 2022-11-11 | CVE-2022-36776 | Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. | 5.4 |
| 2022-11-11 | CVE-2022-38387 | OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2021-12-22 | CVE-2021-39013 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. | 4.0 |
| 2021-09-30 | CVE-2021-20578 | Improper Authentication vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. | 7.5 |
| 2021-09-30 | CVE-2021-29894 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |