Vulnerabilities > IBM > Cloud PAK FOR Security > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-20540 | Unspecified vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. | 5.3 |
| 2021-08-02 | CVE-2021-20541 | Unspecified vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. | 5.3 |
| 2021-08-02 | CVE-2021-29697 | Unspecified vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. | 4.9 |
| 2021-05-14 | CVE-2021-20564 | Cleartext Transmission of Sensitive Information vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2021-05-14 | CVE-2021-20565 | Unspecified vulnerability in IBM Cloud PAK for Security IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. | 5.3 |
| 2021-05-10 | CVE-2021-20577 | Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1 IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2021-01-27 | CVE-2020-4967 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.3.0.1 IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. | 4.3 |
| 2021-01-27 | CVE-2020-4820 | Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. | 6.1 |
| 2021-01-27 | CVE-2020-4816 | Missing Authorization vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2021-01-27 | CVE-2020-4815 | Information Exposure vulnerability in IBM Cloud PAK for Security 1.4.0.0 IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. | 5.3 |