Vulnerabilities > IBM > Cloud PAK System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-05 | CVE-2020-4914 | Insufficient Session Expiration vulnerability in IBM Cloud PAK System IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 5.5 |
| 2021-01-04 | CVE-2020-4928 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. | 6.7 |
| 2021-01-04 | CVE-2020-4918 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. | 4.4 |
| 2021-01-04 | CVE-2020-4916 | Cross-site Scripting vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. | 4.8 |
| 2021-01-04 | CVE-2020-4913 | Insufficiently Protected Credentials vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. | 4.4 |
| 2021-01-04 | CVE-2020-4910 | Cross-site Scripting vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. | 4.8 |
| 2021-01-04 | CVE-2020-4909 | Cross-site Scripting vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. | 4.8 |
| 2019-12-10 | CVE-2019-4095 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-12-03 | CVE-2019-4468 | Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-12-03 | CVE-2019-4467 | Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. | 5.4 |