Vulnerabilities > IBM > Cloud PAK FOR Security

DATE CVE VULNERABILITY TITLE RISK
2021-08-02 CVE-2021-20540 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
2021-08-02 CVE-2021-20541 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
2021-08-02 CVE-2021-29696 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm
7.2
2021-08-02 CVE-2021-29697 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.
network
low complexity
ibm
4.9
2021-05-14 CVE-2020-4811 Improper Input Validation vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.
network
low complexity
ibm CWE-20
2.4
2021-05-14 CVE-2021-20564 Cleartext Transmission of Sensitive Information vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-319
5.9
2021-05-14 CVE-2021-20565 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
network
low complexity
ibm
5.3
2021-05-10 CVE-2021-20538 Incorrect Authorization vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms.
network
low complexity
ibm CWE-863
critical
9.1
2021-05-10 CVE-2021-20577 Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2021-01-27 CVE-2020-4967 Information Exposure vulnerability in IBM Cloud PAK for Security 1.3.0.1
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system.
network
low complexity
ibm CWE-200
4.3