Vulnerabilities > IBM > Cloud PAK FOR Security > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-11 CVE-2022-36776 Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0
IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-12-22 CVE-2021-39013 Information Exposure vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system.
network
low complexity
ibm CWE-200
6.5
2021-08-02 CVE-2021-20539 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
2021-08-02 CVE-2021-20540 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
2021-08-02 CVE-2021-20541 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests.
network
low complexity
ibm
5.3
2021-08-02 CVE-2021-29697 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.
network
low complexity
ibm
4.9
2021-05-14 CVE-2021-20564 Cleartext Transmission of Sensitive Information vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-319
5.9
2021-05-14 CVE-2021-20565 Unspecified vulnerability in IBM Cloud PAK for Security
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
network
low complexity
ibm
5.3
2021-05-10 CVE-2021-20577 Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2021-01-27 CVE-2020-4967 Information Exposure vulnerability in IBM Cloud PAK for Security 1.3.0.1
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system.
network
low complexity
ibm CWE-200
4.3