Vulnerabilities > IBM > Cloud PAK System > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-38273 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2022-05-09 | CVE-2021-20479 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-04 | CVE-2020-4917 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2021-01-04 | CVE-2020-4912 | Unspecified vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. | 7.2 |
| 2019-12-03 | CVE-2019-4130 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |