Vulnerabilities > IBM > Cloud PAK FOR Security > 1.5.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-08-02 CVE-2021-29696 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm
critical
 9.0
9.0
2021-08-02 CVE-2021-29697 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.
network
low complexity
ibm
4.0
4.0
2021-05-14 CVE-2020-4811 Improper Input Validation vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.
network
low complexity
ibm CWE-20
4.0
4.0
2021-05-14 CVE-2021-20564 Information Exposure vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
ibm CWE-200
4.3
4.3
2021-05-14 CVE-2021-20565 Improper Input Validation vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
network
low complexity
ibm CWE-20
5.0
5.0
2021-05-10 CVE-2021-20538 Incorrect Authorization vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms.
network
low complexity
ibm CWE-863
6.4
6.4
2021-05-10 CVE-2021-20577 Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3