Vulnerabilities > IBM > Cloud PAK System > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2023-38273 Unspecified vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm
7.5
2022-05-09 CVE-2021-20479 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-01-04 CVE-2020-4917 Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-01-04 CVE-2020-4912 Unspecified vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user.
network
low complexity
ibm
7.2
2019-12-03 CVE-2019-4130 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.8