Vulnerabilities > IBM > Cloud PAK System

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2020-4912 Unspecified vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user.
network
low complexity
ibm
7.2
7.2
2021-01-04 CVE-2020-4910 Cross-site Scripting vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
4.8
2021-01-04 CVE-2020-4909 Cross-site Scripting vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
4.8
2019-12-10 CVE-2019-4521 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection.
network
low complexity
ibm CWE-1236
critical
 9.8
9.8
2019-12-10 CVE-2019-4095 Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
4.3
2019-12-03 CVE-2019-4468 Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2019-12-03 CVE-2019-4467 Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2019-12-03 CVE-2019-4465 Improper Privilege Management vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-269
3.3
3.3
2019-12-03 CVE-2019-4226 Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2019-12-03 CVE-2019-4130 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.8
8.8