Vulnerabilities > IBM > Cloud PAK FOR Security

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-38385 Improper Input Validation vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation.
network
low complexity
ibm CWE-20
8.1
8.1
2022-11-11 CVE-2022-36776 Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-11-11 CVE-2022-38387 OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
8.8
2021-12-22 CVE-2021-39013 Information Exposure vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
6.5
6.5
2021-09-30 CVE-2021-20578 Improper Authentication vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls.
network
low complexity
ibm CWE-287
critical
 9.8
9.8
2021-09-30 CVE-2021-29894 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2021-08-02 CVE-2021-20539 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
5.3
2021-08-02 CVE-2021-20540 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
5.3
2021-08-02 CVE-2021-20541 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
5.3
2021-08-02 CVE-2021-29696 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm
7.2
7.2