Product:

Cloud_pak_for_security

(Ibm)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 36
Date Id Summary Products Score Patch Annotated
2021-05-10 CVE-2021-20577 IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199281. Cloud_pak_for_security 6.1
2021-01-27 CVE-2020-4967 IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425. Cloud_pak_for_security 4.3
2021-01-27 CVE-2020-4820 IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Cloud_pak_for_security 6.1
2021-01-27 CVE-2020-4815 IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system. Cloud_pak_for_security 5.3
2021-01-27 CVE-2020-4628 IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369. Cloud_pak_for_security 5.3
2020-11-30 CVE-2020-4624 IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. Cloud_pak_for_security 5.3