Vulnerabilities > IBM > Cloud PAK FOR Security > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-16 | CVE-2023-47728 | Information Exposure Through an Error Message vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. | 6.5 |
| 2024-08-15 | CVE-2024-25024 | Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2024-08-13 | CVE-2022-38382 | Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. | 4.1 |
| 2024-02-17 | CVE-2023-50951 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. | 4.3 |
| 2024-02-17 | CVE-2024-22335 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2024-02-17 | CVE-2024-22336 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2024-02-17 | CVE-2024-22337 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
| 2023-11-22 | CVE-2022-36777 | Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. | 6.5 |
| 2023-01-20 | CVE-2021-39011 | Unspecified vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. | 4.9 |
| 2023-01-20 | CVE-2021-39089 | Unspecified vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. | 6.5 |