Vulnerabilities > IBM > Cloud PAK System > 2.3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-10 | CVE-2019-4521 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. | 9.8 |
| 2019-12-10 | CVE-2019-4095 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-12-03 | CVE-2019-4468 | Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-03 | CVE-2019-4467 | Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-03 | CVE-2019-4465 | Improper Privilege Management vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2019-12-03 | CVE-2019-4226 | Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-03 | CVE-2019-4130 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
| 2019-12-03 | CVE-2019-4098 | Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. | 5.4 |