cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-38271,https://securityvulnerability.io/vulnerability/CVE-2023-38271,Sensitive Information Exposure in IBM Cloud Pak System,"An authenticated user could potentially retrieve sensitive information from log files within specific versions of the IBM Cloud Pak System. This exposure could lead to unauthorized access to confidential data, potentially compromising security and privacy for users relying on this platform.",IBM,Cloud Pak System,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-25T13:57:18.288Z,0
CVE-2023-38713,https://securityvulnerability.io/vulnerability/CVE-2023-38713,Sensitive Information Disclosure in IBM Cloud Pak System,"IBM Cloud Pak System has a vulnerability that may allow an attacker to access sensitive information about the system configuration and operations. This exposure could be leveraged to conduct further attacks against the system, compromising data integrity and system security. It is crucial for users to review their configurations and apply the necessary updates to mitigate potential threats.",IBM,Cloud Pak System,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T13:56:16.547Z,0
CVE-2023-38714,https://securityvulnerability.io/vulnerability/CVE-2023-38714,Information Disclosure Vulnerability in IBM Cloud Pak System,"An information disclosure vulnerability exists in the IBM Cloud Pak System that could expose sensitive system information. This vulnerability could potentially be exploited, leading to further attacks against the system. It is essential for users of affected versions to consider implementing security best practices and updates to mitigate risks associated with this vulnerability.",IBM,Cloud Pak System,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T13:55:54.926Z,0
CVE-2023-38013,https://securityvulnerability.io/vulnerability/CVE-2023-38013,Sensitive Information Disclosure in IBM Cloud Pak System,"In IBM Cloud Pak System, versions 2.3.3.0 through 2.3.3.7, including iFix variants, a design flaw allows sensitive information to be disclosed in HTTP responses. This vulnerability could facilitate further attacks on the system, posing risks to data integrity and confidentiality. Organizations utilizing affected versions should take immediate actions to mitigate potential security threats.",IBM,Cloud Pak System,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T13:55:05.494Z,0
CVE-2023-38012,https://securityvulnerability.io/vulnerability/CVE-2023-38012,Directory Traversal Vulnerability in IBM Cloud Pak System,"A vulnerability exists in IBM Cloud Pak System versions 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 that allows remote attackers to exploit directory traversal. By sending a specially crafted URL request consisting of 'dot dot' sequences (e.g., /../), an attacker may gain unauthorized access to view arbitrary files on the system, potentially leading to the exposure of sensitive information and a compromise of system integrity.",IBM,Cloud Pak System,5.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,false,false,false,,2025-01-25T13:49:36.358Z,0
CVE-2023-38716,https://securityvulnerability.io/vulnerability/CVE-2023-38716,Information Disclosure Vulnerability in IBM Cloud Pak System,"An information disclosure vulnerability exists in the IBM Cloud Pak System, where specific versions are susceptible to exposing sensitive system information. This vulnerability may facilitate further targeted attacks by revealing critical details about the system configuration and operation.",IBM,Cloud Pak System,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T13:48:45.716Z,0
CVE-2023-38273,https://securityvulnerability.io/vulnerability/CVE-2023-38273,IBM Cloud Pak System information disclosure,"The IBM Cloud Pak System is affected by a vulnerability stemming from inadequate account lockout settings, which could be exploited by remote attackers to perform brute force attacks on user account credentials. This flaw presents risks that can lead to unauthorized access and compromise of sensitive information. Organizations utilizing the affected versions of IBM Cloud Pak System should take immediate measures to enhance account security and mitigate potential threats.",IBM,Cloud Pak System,7.5,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-02-02T14:26:10.089Z,0
CVE-2020-4914,https://securityvulnerability.io/vulnerability/CVE-2020-4914,IBM Cloud Pak System Software Suite session fixation,IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.,IBM,Cloud Pak System Software Suite,4.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-05-05T18:17:10.598Z,0
CVE-2021-20479,https://securityvulnerability.io/vulnerability/CVE-2021-20479,Weak Cryptographic Algorithms in IBM Cloud Pak System Affects Data Security,"The IBM Cloud Pak System versions 2.3.0 to 2.3.3.3 Interim Fix 1 have been identified as using weaker than expected cryptographic algorithms. This vulnerability could potentially enable attackers to decrypt sensitive information, posing risks to data confidentiality and integrity. Organizations utilizing these affected versions are encouraged to assess their exposure and implement necessary measures to mitigate potential security risks.",IBM,Cloud Pak System,5.9,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2022-05-09T17:15:00.000Z,0
CVE-2021-20478,https://securityvulnerability.io/vulnerability/CVE-2021-20478,,IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.,IBM,Cloud Pak System,4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-07-20T17:15:00.000Z,0
CVE-2020-4912,https://securityvulnerability.io/vulnerability/CVE-2020-4912,,IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.,IBM,Cloud Pak System,4.7,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4918,https://securityvulnerability.io/vulnerability/CVE-2020-4918,,IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in self service console for the Platform System Manager. IBM X-Force ID: 191392.,IBM,Cloud Pak System,2.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4919,https://securityvulnerability.io/vulnerability/CVE-2020-4919,,IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.,IBM,Cloud Pak System,4.7,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4917,https://securityvulnerability.io/vulnerability/CVE-2020-4917,,IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.,IBM,Cloud Pak System,4.3,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4928,https://securityvulnerability.io/vulnerability/CVE-2020-4928,,"IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.",IBM,Cloud Pak System,6.7,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4916,https://securityvulnerability.io/vulnerability/CVE-2020-4916,,IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.,IBM,Cloud Pak System,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4913,https://securityvulnerability.io/vulnerability/CVE-2020-4913,,IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.,IBM,Cloud Pak System,4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4909,https://securityvulnerability.io/vulnerability/CVE-2020-4909,,IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.,IBM,Cloud Pak System,4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2020-4910,https://securityvulnerability.io/vulnerability/CVE-2020-4910,,IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.,IBM,Cloud Pak System,4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-04T14:15:00.000Z,0
CVE-2019-4095,https://securityvulnerability.io/vulnerability/CVE-2019-4095,,IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.,IBM,Cloud Pak System,5.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2019-12-10T16:15:00.000Z,0
CVE-2019-4521,https://securityvulnerability.io/vulnerability/CVE-2019-4521,,"Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.",IBM,Cloud Pak System,7,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2019-12-10T16:15:00.000Z,0
CVE-2019-4467,https://securityvulnerability.io/vulnerability/CVE-2019-4467,,IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.,IBM,Cloud Pak System,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-12-03T15:15:00.000Z,0
CVE-2019-4465,https://securityvulnerability.io/vulnerability/CVE-2019-4465,,IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.,IBM,Cloud Pak System,4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-03T15:15:00.000Z,0
CVE-2019-4226,https://securityvulnerability.io/vulnerability/CVE-2019-4226,,IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.,IBM,Cloud Pak System,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-12-03T15:15:00.000Z,0
CVE-2019-4098,https://securityvulnerability.io/vulnerability/CVE-2019-4098,,IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.,IBM,Cloud Pak System,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-12-03T15:15:00.000Z,0