Vulnerabilities > IBM > Cloud PAK System > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-05 CVE-2020-4914 Unspecified vulnerability in IBM Cloud PAK System
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system.
local
low complexity
ibm
5.5
2021-01-04 CVE-2020-4928 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files.
local
low complexity
ibm CWE-434
6.7
2021-01-04 CVE-2020-4918 Authorization Bypass Through User-Controlled Key vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager.
local
low complexity
ibm CWE-639
4.4
2021-01-04 CVE-2020-4916 Cross-site Scripting vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2021-01-04 CVE-2020-4913 Insufficiently Protected Credentials vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user.
local
low complexity
ibm CWE-522
4.4
2021-01-04 CVE-2020-4910 Cross-site Scripting vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2021-01-04 CVE-2020-4909 Cross-site Scripting vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2019-12-10 CVE-2019-4095 Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2019-12-03 CVE-2019-4468 Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-12-03 CVE-2019-4467 Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4