Vulnerabilities > IBM > Cloud PAK System > 2.3.3.4

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2023-38273 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
7.5
2023-05-05 CVE-2020-4914 Insufficient Session Expiration vulnerability in IBM Cloud PAK System
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system.
local
low complexity
ibm CWE-613
5.5
5.5