Vulnerabilities > IBM > Cloud PAK FOR Security > 1.6.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2020-4811 Improper Input Validation vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.
network
low complexity
ibm CWE-20
2.4
2.4
2021-05-14 CVE-2021-20564 Cleartext Transmission of Sensitive Information vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-319
5.9
5.9
2021-05-14 CVE-2021-20565 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
network
low complexity
ibm
5.3
5.3