Vulnerabilites related to ibm - cloud_pak_system
Vulnerability from fkie_nvd
Published
2025-01-25 14:15
Modified
2025-08-13 18:01
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7159533 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.3.0 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.4 | |
| ibm | cloud_pak_system | 2.3.3.5 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B1369A7-1661-4754-9740-4A189D9611F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "89A3F996-80B7-4845-B15C-D10A39A675BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "54D87560-AFF1-4320-9A08-6AB84B7330F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "94DE4362-6806-48FA-8529-A989540273F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "DF6B16C6-8D4F-480E-8BBA-45853735977D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan revelar informaci\u00f3n confidencial en respuestas HTTP que podr\u00eda ayudar en futuros ataques contra el tallo sistema."
}
],
"id": "CVE-2023-38013",
"lastModified": "2025-08-13T18:01:11.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-25T14:15:27.977",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-30 15:15
Modified
2025-08-14 01:07
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7237164 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.4.0 | |
| ibm | cloud_pak_system | 2.3.4.1 | |
| ibm | cloud_pak_system | 2.3.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "618F4D77-242C-415C-AA3F-4F79C2663178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "B793F9B0-02DE-49D1-8134-4691A7DC855D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1 y 2.3.4.1 iFix1 es vulnerable a la inyecci\u00f3n de HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, al visualizarse, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web que lo aloja."
}
],
"id": "CVE-2025-2895",
"lastModified": "2025-08-14T01:07:15.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-30T15:15:23.133",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7237164"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-10 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165179 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1126605 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165179 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1126605 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179."
},
{
"lang": "es",
"value": "Platform System Manager en IBM Cloud Pak System versi\u00f3n 2.3, es potencialmente vulnerable a una inyecci\u00f3n CVS. Un atacante remoto podr\u00eda ejecutar comandos arbitrarios sobre el sistema, causados ??por una comprobaci\u00f3n incorrecta del contenido del archivo csv. ID de IBM X-Force: 165179."
}
],
"id": "CVE-2019-4521",
"lastModified": "2024-11-21T04:43:41.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-10T16:15:13.597",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165179"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191287 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191287 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287."
},
{
"lang": "es",
"value": "Self Service Console de IBM Cloud Pak System versi\u00f3n 2.3, podr\u00eda permitir una escalada de privilegios al capturar la URL de petici\u00f3n del usuario al iniciar sesi\u00f3n como usuario privilegiado.\u0026#xa0;IBM X-Force ID: 191287."
}
],
"id": "CVE-2020-4912",
"lastModified": "2024-11-21T05:33:24.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:13.627",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-09 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/197498 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6562263 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/197498 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6562263 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40E742B8-2817-4CF0-80D2-4CC3AC8A8D72",
"versionEndExcluding": "2.3.3.4",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versiones 2.3.0 hasta 2.3.3.3 Interim Fix 1, usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. IBM X-Force ID: 197498"
}
],
"id": "CVE-2021-20479",
"lastModified": "2024-11-21T05:46:38.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-09T17:15:07.987",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197498"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6562263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6562263"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-25 14:15
Modified
2025-08-13 17:59
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7159533 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.3.0 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.4 | |
| ibm | cloud_pak_system | 2.3.3.5 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B1369A7-1661-4754-9740-4A189D9611F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "89A3F996-80B7-4845-B15C-D10A39A675BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "54D87560-AFF1-4320-9A08-6AB84B7330F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "94DE4362-6806-48FA-8529-A989540273F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "DF6B16C6-8D4F-480E-8BBA-45853735977D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial de los archivos de registro."
}
],
"id": "CVE-2023-38271",
"lastModified": "2025-08-13T17:59:56.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-25T14:15:28.123",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-10 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158015 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1126605 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158015 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1126605 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, es vulnerable a un ataque de tipo cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario que conf\u00eda en el sitio web. ID de IBM X-Force: 158015."
}
],
"id": "CVE-2019-4095",
"lastModified": "2024-11-21T04:43:10.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-10T16:15:13.347",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158015"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-25 14:15
Modified
2025-08-14 01:56
Severity ?
Summary
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7148474 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 y 2.3.4.0 podr\u00edan permitir que un atacante remoto recorra directorios en el directorio ra\u00edz sistema. Un atacante podr\u00eda enviar una solicitud de URL manipulado especial que contenga secuencias de \"punto punto\" (/../) para ver archivos arbitrarios sistema."
}
],
"id": "CVE-2023-38012",
"lastModified": "2025-08-14T01:56:24.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-01-25T14:15:27.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148474"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, podr\u00eda revelar informaci\u00f3n de credenciales en la respuesta HTTP para un usuario privilegiado local.\u0026#xa0;IBM X-Force ID: 191288."
}
],
"id": "CVE-2020-4913",
"lastModified": "2024-11-21T05:33:25.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:13.767",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191390 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191390 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, es vulnerable a un ataque de tipo cross site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 191390."
}
],
"id": "CVE-2020-4916",
"lastModified": "2024-11-21T05:33:25.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:13.830",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-25 14:15
Modified
2025-08-13 17:54
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7159533 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.3.0 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.4 | |
| ibm | cloud_pak_system | 2.3.3.5 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B1369A7-1661-4754-9740-4A189D9611F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "89A3F996-80B7-4845-B15C-D10A39A675BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "54D87560-AFF1-4320-9A08-6AB84B7330F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "94DE4362-6806-48FA-8529-A989540273F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "DF6B16C6-8D4F-480E-8BBA-45853735977D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan revelar informaci\u00f3n confidencial sobre el tallo sistema que podr\u00eda ayudar en futuros ataques contra sistema."
}
],
"id": "CVE-2023-38714",
"lastModified": "2025-08-13T17:54:10.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-25T14:15:28.437",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163776 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163776 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versiones 2.3 y 2.3.0.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista lo que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 163776."
}
],
"id": "CVE-2019-4467",
"lastModified": "2024-11-21T04:43:38.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T15:15:15.573",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163776"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-27 18:17
Modified
2025-08-18 18:46
Severity ?
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7229212 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.1.1 | |
| ibm | cloud_pak_system | 2.3.3.0 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.4 | |
| ibm | cloud_pak_system | 2.3.3.5 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.4.0 | |
| ibm | cloud_pak_system | 2.3.4.1 | |
| ibm | cloud_pak_system_software_suite | 2.3.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D9DA5D-895C-45D9-909C-9C04454A1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B1369A7-1661-4754-9740-4A189D9611F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "89A3F996-80B7-4845-B15C-D10A39A675BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "54D87560-AFF1-4320-9A08-6AB84B7330F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "94DE4362-6806-48FA-8529-A989540273F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "DF6B16C6-8D4F-480E-8BBA-45853735977D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "618F4D77-242C-415C-AA3F-4F79C2663178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system_software_suite:2.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49EB651B-FC8D-4A20-AA73-7AE9CDC9D359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0 y 2.3.4.1 almacenan datos confidenciales en la memoria que un usuario no autorizado podr\u00eda obtener."
}
],
"id": "CVE-2023-37405",
"lastModified": "2025-08-18T18:46:32.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-03-27T18:17:28.463",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7229212"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191705 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191705 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, podr\u00eda permitir a un atacante privilegiado local cargar archivos arbitrarios.\u0026#xa0;Al interceptar la petici\u00f3n y modificar la extensi\u00f3n del archivo, el atacante podr\u00eda ejecutar c\u00f3digo arbitrario en el servidor.\u0026#xa0;IBM X-Force ID: 191705."
}
],
"id": "CVE-2020-4928",
"lastModified": "2024-11-21T05:33:26.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:14.207",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-27 15:15
Modified
2025-08-14 01:12
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7237162 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.4.0 | |
| ibm | cloud_pak_system | 2.3.4.1 | |
| ibm | cloud_pak_system | 2.3.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "618F4D77-242C-415C-AA3F-4F79C2663178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "118829A2-1826-41FE-9F64-698B8FBCF8BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 en Power y 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 en sistemas operativos Intel es vulnerable a la inyecci\u00f3n de HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, al visualizarse, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web que lo aloja."
}
],
"id": "CVE-2023-38007",
"lastModified": "2025-08-14T01:12:31.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-27T15:15:24.623",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7237162"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-25 14:15
Modified
2025-08-13 17:52
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7148474 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 y 2.3.4.0 podr\u00edan revelar informaci\u00f3n confidencial sobre el tallo sistema que podr\u00eda ayudar en futuros ataques contra sistema."
}
],
"id": "CVE-2023-38716",
"lastModified": "2025-08-13T17:52:45.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-25T14:15:28.580",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148474"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-02 15:15
Modified
2024-11-21 08:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/260733 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7105357 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/260733 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7105357 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * | |
| ibm | cloud_pak_system | 2.3.1.1 | |
| ibm | cloud_pak_system | 2.3.2.0 | |
| ibm | cloud_pak_system | 2.3.3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A28FDA5D-1220-4585-97AF-A9349CFB3971",
"versionEndIncluding": "2.3.3.6",
"versionStartIncluding": "2.3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D9DA5D-895C-45D9-909C-9C04454A1BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5153F3A-2257-42A5-AA87-4387D374C7BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A41D520-7446-441A-B488-5B98CF7CA8D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.1.1, 2.3.2.0 y 2.3.3.7 utiliza una configuraci\u00f3n de bloqueo de cuenta inadecuada que podr\u00eda permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 260733."
}
],
"id": "CVE-2023-38273",
"lastModified": "2024-11-21T08:13:13.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-02T15:15:09.270",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260733"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105357"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163777 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163777 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versiones 2.3 y 2.3.0.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista lo que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 163777."
}
],
"id": "CVE-2019-4468",
"lastModified": "2024-11-21T04:43:38.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T15:15:15.650",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163777"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191395 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191395 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, presenta controles de cierre de sesi\u00f3n insuficientes que podr\u00edan permitir a un usuario privilegiado autenticado suplantar a otro usuario en el sistema.\u0026#xa0;IBM X-Force ID: 191395."
}
],
"id": "CVE-2020-4919",
"lastModified": "2024-11-21T05:33:25.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:14.143",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158280 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158280 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versiones 2.3 y 2.3.0.1, podr\u00eda permitir a un atacante remoto cargar archivos arbitrarios, lo que podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el servidor vulnerable. ID de IBM X-Force: 158280."
}
],
"id": "CVE-2019-4130",
"lastModified": "2024-11-21T04:43:12.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T15:15:15.293",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158280"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191273 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191273 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, es vulnerable a ataques de tipo cross site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 191273."
}
],
"id": "CVE-2020-4909",
"lastModified": "2024-11-21T05:33:24.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:13.283",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191391 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191391 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, es vulnerable a un ataque de tipo cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web conf\u00eda.\u0026#xa0;IBM X-Force ID: 191391."
}
],
"id": "CVE-2020-4917",
"lastModified": "2024-11-21T05:33:25.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:13.970",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163774 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163774 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versiones 2.3 y 2.3.0.1, permite que las p\u00e1ginas web sean almacenadas localmente y que puedan ser le\u00eddas por parte de otro usuario en el sistema. ID de IBM X-Force: 163774."
}
],
"id": "CVE-2019-4465",
"lastModified": "2024-11-21T04:43:38.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T15:15:15.463",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191274 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191274 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, es vulnerable a ataques de tipo cross site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 191274."
}
],
"id": "CVE-2020-4910",
"lastModified": "2024-11-21T05:33:24.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:13.487",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158020 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118181 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158020 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118181 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versiones 2.3 y 2.3.0.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista lo que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 158020."
}
],
"id": "CVE-2019-4098",
"lastModified": "2024-11-21T04:43:10.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T15:15:15.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118181"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-05 19:15
Modified
2025-01-29 17:15
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191290 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6967181 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191290 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6967181 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88C0CF07-8360-406F-A569-B7EF05DDDC80",
"versionEndExcluding": "2.3.3.6",
"versionStartIncluding": "2.3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290."
}
],
"id": "CVE-2020-4914",
"lastModified": "2025-01-29T17:15:11.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-05T19:15:15.027",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191290"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6967181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6967181"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191392 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191392 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6393554 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AD156-68F6-4A91-AF04-D3266E2F92F0",
"versionEndExcluding": "2.3.3.3",
"versionStartIncluding": "2.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, podr\u00eda permitir a un usuario privilegiado local divulgar informaci\u00f3n confidencial debido a una referencia directa a objeto no segura en la consola de servicio de venta para el Platform System Manager.\u0026#xa0;IBM X-Force ID: 191392."
}
],
"id": "CVE-2020-4918",
"lastModified": "2024-11-21T05:33:25.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T14:15:14.017",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-20 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/197497 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6473065 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/197497 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6473065 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versi\u00f3n 2.3, podr\u00eda permitir a un usuario local en algunas situaciones visualizar los artefactos de otro usuario en la consola de autoservicio. IBM X-Force ID: 197497"
}
],
"id": "CVE-2021-20478",
"lastModified": "2024-11-21T05:46:38.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-20T17:15:07.763",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197497"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6473065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6473065"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-27 18:17
Modified
2025-08-18 12:46
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1
could allow a user with access to the network to obtain sensitive information from CLI arguments.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7229212 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.1.1 | |
| ibm | cloud_pak_system | 2.3.3.0 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.4 | |
| ibm | cloud_pak_system | 2.3.3.5 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.4.0 | |
| ibm | cloud_pak_system | 2.3.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5218E983-CFD9-4BDF-AA5B-1C214C2BC375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B1369A7-1661-4754-9740-4A189D9611F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "89A3F996-80B7-4845-B15C-D10A39A675BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "54D87560-AFF1-4320-9A08-6AB84B7330F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "94DE4362-6806-48FA-8529-A989540273F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "DF6B16C6-8D4F-480E-8BBA-45853735977D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "618F4D77-242C-415C-AA3F-4F79C2663178",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 \n\ncould allow a user with access to the network to obtain sensitive information from CLI arguments."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0 y 2.3.4.1 podr\u00edan permitir que un usuario con acceso a la red obtenga informaci\u00f3n confidencial de los argumentos de la CLI."
}
],
"id": "CVE-2023-38272",
"lastModified": "2025-08-18T12:46:11.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-27T18:17:29.347",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7229212"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-25 14:15
Modified
2025-08-13 17:56
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7159533 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3.0.0 | |
| ibm | cloud_pak_system | 2.3.3.0 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.3 | |
| ibm | cloud_pak_system | 2.3.3.4 | |
| ibm | cloud_pak_system | 2.3.3.5 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.6 | |
| ibm | cloud_pak_system | 2.3.3.7 | |
| ibm | cloud_pak_system | 2.3.3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93609C-17C0-458E-AB09-FD14F5E88A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B1369A7-1661-4754-9740-4A189D9611F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "89A3F996-80B7-4845-B15C-D10A39A675BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "54D87560-AFF1-4320-9A08-6AB84B7330F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "94DE4362-6806-48FA-8529-A989540273F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "DF6B16C6-8D4F-480E-8BBA-45853735977D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
"matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
},
{
"lang": "es",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan revelar informaci\u00f3n confidencial sobre el tallo sistema que podr\u00eda ayudar en futuros ataques contra sistema."
}
],
"id": "CVE-2023-38713",
"lastModified": "2025-08-13T17:56:44.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-25T14:15:28.273",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-03 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/159243 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/159243 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118487 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_system | 2.3 | |
| ibm | cloud_pak_system | 2.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5DCDFB-5D30-4AB8-90D5-3BF60702E9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4251A424-6363-452A-9C5B-652F31C68003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243."
},
{
"lang": "es",
"value": "IBM Cloud Pak System versiones 2.3 y 2.3.0.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista lo que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 159243."
}
],
"id": "CVE-2019-4226",
"lastModified": "2024-11-21T04:43:20.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T15:15:15.370",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159243"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-4913 (GCVE-0-2020-4913)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-16 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204913-info-disc (191288)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.9,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/S:U/AC:L/UI:N/I:N/PR:H/AV:L/A:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:35",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204913-info-disc (191288)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204913-info-disc (191288)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4913",
"datePublished": "2021-01-04T14:00:35.556956Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:01:15.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38273 (GCVE-0-2023-38273)
Vulnerability from cvelistv5
Published
2024-02-02 14:26
Modified
2024-08-02 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Summary
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.1.1, 2.3.2.0, 2.3.3.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cloud_pak_system",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "2.3.1.1"
},
{
"status": "affected",
"version": "2.3.2.0"
},
{
"status": "affected",
"version": "2.3.3.7"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T16:10:40.809317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T22:38:10.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7105357"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.1.1, 2.3.2.0, 2.3.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733."
}
],
"value": "IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T14:26:10.089Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7105357"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260733"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38273",
"datePublished": "2024-02-02T14:26:10.089Z",
"dateReserved": "2023-07-14T00:46:27.163Z",
"dateUpdated": "2024-08-02T17:39:12.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4928 (GCVE-0-2020-4928)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-17 03:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204928-file-upload (191705)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AV:L/UI:N/AC:L/PR:H/I:H/S:U/C:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:38",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204928-file-upload (191705)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204928-file-upload (191705)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4928",
"datePublished": "2021-01-04T14:00:38.935092Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:29:07.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38713 (GCVE-0-2023-38713)
Vulnerability from cvelistv5
Published
2025-01-25 13:56
Modified
2025-01-27 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T14:45:36.427434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T14:46:11.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could disclose sensitive information about the system that could aid in further attacks against the system."
}
],
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T13:56:16.547Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38713",
"datePublished": "2025-01-25T13:56:16.547Z",
"dateReserved": "2023-07-25T00:00:53.162Z",
"dateUpdated": "2025-01-27T14:46:11.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4909 (GCVE-0-2020-4909)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-16 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204909-xss (191273)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/A:N/S:C/C:L/UI:R/AC:L/PR:H/I:L/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:33",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204909-xss (191273)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "H",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204909-xss (191273)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4909",
"datePublished": "2021-01-04T14:00:33.475725Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:14:19.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4521 (GCVE-0-2019-4521)
Vulnerability from cvelistv5
Published
2019-12-10 16:10
Modified
2024-09-17 00:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"name": "ibm-cps-cve20194521-csv-injection (165179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2019-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/PR:N/C:H/S:U/AC:H/A:H/AV:L/I:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-10T16:10:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"name": "ibm-cps-cve20194521-csv-injection (165179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-09T00:00:00",
"ID": "CVE-2019-4521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1126605",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1126605 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"name": "ibm-cps-cve20194521-csv-injection (165179)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4521",
"datePublished": "2019-12-10T16:10:24.121574Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:45:36.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4468 (GCVE-0-2019-4468)
Vulnerability from cvelistv5
Published
2019-12-03 14:55
Modified
2024-09-17 02:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194468-xss (163777)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:C/A:N/I:L/AC:L/AV:N/UI:R/C:L/PR:L/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:55:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194468-xss (163777)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-02T00:00:00",
"ID": "CVE-2019-4468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118487",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1118487 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194468-xss (163777)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4468",
"datePublished": "2019-12-03T14:55:24.759399Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:20:50.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4098 (GCVE-0-2019-4098)
Vulnerability from cvelistv5
Published
2019-12-03 14:55
Modified
2024-09-17 04:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 Version: 2.3.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1118181"
},
{
"name": "ibm-pure-cve20194098-xss (158020)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.3.0.1"
}
]
}
],
"datePublic": "2019-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/S:C/AV:N/I:L/AC:L/C:L/UI:R/PR:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:55:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1118181"
},
{
"name": "ibm-pure-cve20194098-xss (158020)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-02T00:00:00",
"ID": "CVE-2019-4098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
},
{
"version_value": "2.3.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118181",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1118181 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1118181"
},
{
"name": "ibm-pure-cve20194098-xss (158020)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4098",
"datePublished": "2019-12-03T14:55:22.497924Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:29:21.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4130 (GCVE-0-2019-4130)
Vulnerability from cvelistv5
Published
2019-12-03 14:55
Modified
2024-09-17 02:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-pure-cve20194130-file-upload (158280)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:C/A:H/I:H/AC:L/AV:N/C:H/UI:R/PR:L/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:55:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-pure-cve20194130-file-upload (158280)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-02T00:00:00",
"ID": "CVE-2019-4130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118487",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1118487 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-pure-cve20194130-file-upload (158280)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4130",
"datePublished": "2019-12-03T14:55:22.967955Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:22:00.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4919 (GCVE-0-2020-4919)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-17 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204919-session-fixation (191395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/S:U/UI:N/AC:L/PR:H/I:L/AV:N/A:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:38",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204919-session-fixation (191395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204919-session-fixation (191395)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191395"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4919",
"datePublished": "2021-01-04T14:00:38.182005Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:17:11.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37405 (GCVE-0-2023-37405)
Vulnerability from cvelistv5
Published
2025-03-27 17:20
Modified
2025-08-17 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.3 iFix1 Version: 2.3.3.4 Version: 2.3.3.5 Version: 2.3.3.6 Version: 2.3.3.6 iFix1 Version: 2.3.3.7 Version: 2.3.3.7 iFix1 Version: 2.3.4.0 Version: 2.3.4.1 cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T18:11:13.021060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T18:11:23.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.3 iFix1"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.3.6 iFix1"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7 iFix1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
}
],
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:14:54.449Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7229212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-37405",
"datePublished": "2025-03-27T17:20:04.260Z",
"dateReserved": "2023-07-05T15:59:16.996Z",
"dateUpdated": "2025-08-17T01:14:54.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38272 (GCVE-0-2023-38272)
Vulnerability from cvelistv5
Published
2025-03-27 17:21
Modified
2025-08-17 01:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-300 - Channel Accessible by Non-Endpoint
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1
could allow a user with access to the network to obtain sensitive information from CLI arguments.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.3 iFix1 Version: 2.3.3.4 Version: 2.3.3.5 Version: 2.3.3.6 Version: 2.3.3.6 iFix1 Version: 2.3.3.6 iFix2 Version: 2.3.3.7 Version: 2.3.3.7 iFix1 Version: 2.3.4.0 Version: 2.3.4.1 cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T18:09:49.868161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T18:10:42.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.3 iFix1"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.3.6 iFix1"
},
{
"status": "affected",
"version": "2.3.3.6 iFix2"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7 iFix1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a user with access to the network to obtain sensitive information from CLI arguments.\u003c/span\u003e"
}
],
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 \n\ncould allow a user with access to the network to obtain sensitive information from CLI arguments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300 Channel Accessible by Non-Endpoint",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:11:50.459Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7229212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38272",
"datePublished": "2025-03-27T17:21:08.596Z",
"dateReserved": "2023-07-14T00:46:14.891Z",
"dateUpdated": "2025-08-17T01:11:50.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4916 (GCVE-0-2020-4916)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-16 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204916-xss (191390)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/A:N/S:C/C:L/PR:H/I:L/UI:N/AC:L/RC:C/E:H/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:36",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204916-xss (191390)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "H",
"S": "C",
"UI": "N"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204916-xss (191390)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4916",
"datePublished": "2021-01-04T14:00:36.207464Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T16:33:15.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4912 (GCVE-0-2020-4912)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-16 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204912-priv-escalation (191287)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AV:N/I:L/PR:H/UI:N/AC:L/S:U/C:L/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204912-priv-escalation (191287)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204912-priv-escalation (191287)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4912",
"datePublished": "2021-01-04T14:00:34.812100Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:19:03.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20479 (GCVE-0-2021-20479)
Vulnerability from cvelistv5
Published
2022-05-09 16:35
Modified
2024-09-17 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.0 Version: 2.3.3.3.Interim.Fix1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6562263"
},
{
"name": "ibm-cps-cve202120479-info-disc (197498)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.3.3.3.Interim.Fix1"
}
]
}
],
"datePublic": "2022-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/I:N/UI:N/PR:N/AC:H/S:U/A:N/C:H/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-09T16:35:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6562263"
},
{
"name": "ibm-cps-cve202120479-info-disc (197498)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-05-06T00:00:00",
"ID": "CVE-2021-20479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3.0"
},
{
"version_value": "2.3.3.3.Interim.Fix1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562263",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6562263 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6562263"
},
{
"name": "ibm-cps-cve202120479-info-disc (197498)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20479",
"datePublished": "2022-05-09T16:35:18.335966Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T03:38:16.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4918 (GCVE-0-2020-4918)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-17 04:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204918-info-disc (191392)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AV:L/AC:L/UI:N/PR:H/I:N/C:L/S:U/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:37",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204918-info-disc (191392)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204918-info-disc (191392)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4918",
"datePublished": "2021-01-04T14:00:37.535272Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T04:08:48.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4910 (GCVE-0-2020-4910)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-17 03:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204910-xss (191274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:C/C:L/AC:L/UI:R/PR:H/I:L/AV:N/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204910-xss (191274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "H",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204910-xss (191274)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4910",
"datePublished": "2021-01-04T14:00:34.122091Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:23:43.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4465 (GCVE-0-2019-4465)
Vulnerability from cvelistv5
Published
2019-12-03 14:55
Modified
2024-09-17 00:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194465-info-disc (163774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/UI:N/PR:N/A:N/S:U/AV:L/AC:L/I:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:55:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194465-info-disc (163774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-02T00:00:00",
"ID": "CVE-2019-4465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118487",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1118487 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194465-info-disc (163774)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4465",
"datePublished": "2019-12-03T14:55:23.910759Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:37:02.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4917 (GCVE-0-2020-4917)
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-16 20:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204917-csrf (191391)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/A:N/C:N/S:U/AC:L/UI:R/I:L/PR:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T14:00:36",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204917-csrf (191391)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-02T00:00:00",
"ID": "CVE-2020-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6393554",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6393554 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6393554"
},
{
"name": "ibm-cps-cve20204917-csrf (191391)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4917",
"datePublished": "2021-01-04T14:00:36.896166Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T20:41:54.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38271 (GCVE-0-2023-38271)
Vulnerability from cvelistv5
Published
2025-01-25 13:57
Modified
2025-01-27 17:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:00:35.776203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:00:45.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could allow an authenticated user to obtain sensitive information from log files."
}
],
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T13:57:18.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38271",
"datePublished": "2025-01-25T13:57:18.288Z",
"dateReserved": "2023-07-14T00:46:14.890Z",
"dateUpdated": "2025-01-27T17:00:45.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4467 (GCVE-0-2019-4467)
Vulnerability from cvelistv5
Published
2019-12-03 14:55
Modified
2024-09-17 04:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194467-xss (163776)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/C:L/UI:R/AV:N/AC:L/I:L/S:C/A:N/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:55:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194467-xss (163776)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-02T00:00:00",
"ID": "CVE-2019-4467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118487",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1118487 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194467-xss (163776)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4467",
"datePublished": "2019-12-03T14:55:24.341571Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:08:42.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2895 (GCVE-0-2025-2895)
Vulnerability from cvelistv5
Published
2025-06-30 14:39
Modified
2025-06-30 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, 2.3.4.1 iFix1 cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T14:59:12.440305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T14:59:26.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, 2.3.4.1 iFix1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T14:39:43.041Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7237164"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. \u003cbr\u003e\u003cbr\u003eFor Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online,\u003cbr\u003e\u003cbr\u003e\u2028Information on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFor Power, contact IBM Support.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eFor unsupported versions the recommendation is to upgrade to supported version of the product.\u003cbr\u003e"
}
],
"value": "This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. \n\nFor Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online,\n\n\u2028Information on upgrading here http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\nFor Power, contact IBM Support.\n\n \n\nFor unsupported versions the recommendation is to upgrade to supported version of the product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2895",
"datePublished": "2025-06-30T14:39:43.041Z",
"dateReserved": "2025-03-28T02:06:17.704Z",
"dateUpdated": "2025-06-30T14:59:26.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4226 (GCVE-0-2019-4226)
Vulnerability from cvelistv5
Published
2019-12-03 14:55
Modified
2024-09-17 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-pure-cve20194226-xss (159243)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/S:C/I:L/AC:L/AV:N/C:L/UI:R/PR:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:55:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-pure-cve20194226-xss (159243)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-02T00:00:00",
"ID": "CVE-2019-4226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118487",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1118487 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-pure-cve20194226-xss (159243)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4226",
"datePublished": "2019-12-03T14:55:23.441006Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:10:53.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4914 (GCVE-0-2020-4914)
Vulnerability from cvelistv5
Published
2023-05-05 18:17
Modified
2025-01-29 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System Software Suite |
Version: 2.3.3.0 ≤ 2.3.3.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6967181"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191290"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-4914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:18:30.689001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:19:50.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud Pak System Software Suite",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.3.3.5",
"status": "affected",
"version": "2.3.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290."
}
],
"value": "IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T18:17:10.598Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6967181"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191290"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System Software Suite session fixation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4914",
"datePublished": "2023-05-05T18:17:10.598Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2025-01-29T16:19:50.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38007 (GCVE-0-2023-38007)
Vulnerability from cvelistv5
Published
2025-06-27 14:48
Modified
2025-08-17 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | IBM | Cloud Pak System |
Version: 2.3.5.0 Version: 2.3.3.7 Version: 2.3.3.7 iFix1 cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T15:01:40.406081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T15:01:48.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Power"
],
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.5.0"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7 iFix1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.3.6 iFix1"
},
{
"status": "affected",
"version": "2.3.3.6 iFix2"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T00:24:09.866Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237162"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.\u003cbr\u003e\u003cbr\u003eFor Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, \u003cbr\u003e\u003cbr\u003einformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7178546\"\u003ehttps://www.ibm.com/support/pages/node/7178546\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFor Power, contact IBM Support.\u003cbr\u003e\u003cbr\u003eFor unsupported versions the recommendation is to upgrade/migrate to supported version of the product.\u003cbr\u003e"
}
],
"value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.\n\nFor Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, \n\ninformation on upgrading here https://www.ibm.com/support/pages/node/7178546 \n\nFor Power, contact IBM Support.\n\nFor unsupported versions the recommendation is to upgrade/migrate to supported version of the product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38007",
"datePublished": "2025-06-27T14:48:28.581Z",
"dateReserved": "2023-07-11T17:33:11.275Z",
"dateUpdated": "2025-08-17T00:24:09.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38013 (GCVE-0-2023-38013)
Vulnerability from cvelistv5
Published
2025-01-25 13:55
Modified
2025-01-27 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:02:29.965914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:02:47.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."
}
],
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T13:55:05.494Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38013",
"datePublished": "2025-01-25T13:55:05.494Z",
"dateReserved": "2023-07-11T17:33:12.812Z",
"dateUpdated": "2025-01-27T17:02:47.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38716 (GCVE-0-2023-38716)
Vulnerability from cvelistv5
Published
2025-01-25 13:48
Modified
2025-01-27 17:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0 cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:04:19.635331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:04:29.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system."
}
],
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T13:48:45.716Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7148474"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38716",
"datePublished": "2025-01-25T13:48:45.716Z",
"dateReserved": "2023-07-25T00:00:53.163Z",
"dateUpdated": "2025-01-27T17:04:29.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38714 (GCVE-0-2023-38714)
Vulnerability from cvelistv5
Published
2025-01-25 13:55
Modified
2025-01-27 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:01:16.708564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:01:26.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could disclose sensitive information about the system that could aid in further attacks against the system."
}
],
"value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T13:55:54.926Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7159533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38714",
"datePublished": "2025-01-25T13:55:54.926Z",
"dateReserved": "2023-07-25T00:00:53.163Z",
"dateUpdated": "2025-01-27T17:01:26.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38012 (GCVE-0-2023-38012)
Vulnerability from cvelistv5
Published
2025-01-25 13:49
Modified
2025-01-27 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0 cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:03:24.561019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:03:37.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T13:52:16.547Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7148474"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak System directory traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38012",
"datePublished": "2025-01-25T13:49:36.358Z",
"dateReserved": "2023-07-11T17:33:12.812Z",
"dateUpdated": "2025-01-27T17:03:37.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20478 (GCVE-0-2021-20478)
Vulnerability from cvelistv5
Published
2021-07-20 17:10
Modified
2024-09-16 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6473065"
},
{
"name": "ibm-cps-cve202120478-info-disc (197497)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2021-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/A:N/I:N/C:L/AV:L/AC:L/UI:N/PR:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T17:10:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6473065"
},
{
"name": "ibm-cps-cve202120478-info-disc (197497)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-19T00:00:00",
"ID": "CVE-2021-20478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6473065",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6473065 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/6473065"
},
{
"name": "ibm-cps-cve202120478-info-disc (197497)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20478",
"datePublished": "2021-07-20T17:10:14.951787Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T19:14:53.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4095 (GCVE-0-2019-4095)
Vulnerability from cvelistv5
Published
2019-12-10 16:10
Modified
2024-09-16 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak System |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"name": "ibm-pure-cve20194095-csrf (158015)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2019-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/S:U/AC:L/AV:N/I:L/PR:N/UI:N/C:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-10T16:10:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"name": "ibm-pure-cve20194095-csrf (158015)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-09T00:00:00",
"ID": "CVE-2019-4095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1126605",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1126605 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"name": "ibm-pure-cve20194095-csrf (158015)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4095",
"datePublished": "2019-12-10T16:10:23.248722Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:01:49.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}