Vulnerabilities > IBM > Cloud PAK FOR Security > 1.10.2.0

DATE CVE VULNERABILITY TITLE RISK
2024-02-17 CVE-2024-22337 Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm
5.5
5.5
2023-11-22 CVE-2022-36777 Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system.
network
low complexity
ibm
6.5
6.5
2023-01-20 CVE-2021-39011 Unspecified vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user.
network
low complexity
ibm
4.9
4.9
2023-01-20 CVE-2021-39089 Unspecified vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request.
network
low complexity
ibm
6.5
6.5
2022-11-15 CVE-2022-38385 Improper Input Validation vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation.
network
low complexity
ibm CWE-20
8.1
8.1
2022-11-11 CVE-2022-36776 Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-11-11 CVE-2022-38387 OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
8.8