Vulnerabilities > IBM > Cloud PAK FOR Security > 1.4.0.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2020-4811 Improper Input Validation vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.
network
low complexity
ibm CWE-20
2.4
2.4
2021-05-14 CVE-2021-20564 Cleartext Transmission of Sensitive Information vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-319
5.9
5.9
2021-05-14 CVE-2021-20565 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
network
low complexity
ibm
5.3
5.3
2021-01-27 CVE-2020-4820 Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.4.0.0
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2021-01-27 CVE-2020-4816 Missing Authorization vulnerability in IBM Cloud PAK for Security 1.4.0.0
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-862
5.9
5.9
2021-01-27 CVE-2020-4815 Information Exposure vulnerability in IBM Cloud PAK for Security 1.4.0.0
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
5.3
5.3
2021-01-27 CVE-2020-4628 Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Security 1.3.0.1/1.4.0.0
IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
5.3