Ibm Cloud Pak For Applications vulnerabilities

12 known vulnerabilities affecting ibm/cloud_pak_for_applications.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM9

Vulnerabilities

Page 1 of 1
CVE-2021-20422HIGHCVSS 7.5fixed in 4.3.1v4.32021-07-13
CVE-2021-20422 [HIGH] CVE-2021-20422: IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by a IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.
cvelistv5nvd
CVE-2021-20360HIGHCVSS 7.5v4.32021-07-13
CVE-2021-20360 [HIGH] CWE-326 CVE-2021-20360: IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could all IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.
cvelistv5nvd
CVE-2021-20423HIGHCVSS 8.8fixed in 4.3.1v4.32021-07-13
CVE-2021-20423 [HIGH] CWE-732 CVE-2021-20423: IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308.
cvelistv5nvd
CVE-2021-20365MEDIUMCVSS 5.4v4.32021-07-13
CVE-2021-20365 [MEDIUM] CWE-79 CVE-2021-20365: IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195036.
cvelistv5nvd
CVE-2021-20424MEDIUMCVSS 4.3fixed in 4.3.1v4.32021-07-13
CVE-2021-20424 [MEDIUM] CWE-209 CVE-2021-20424: IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information whe IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309.
cvelistv5nvd
CVE-2021-20369MEDIUMCVSS 5.9fixed in 4.3.1v4.32021-07-13
CVE-2021-20369 [MEDIUM] CWE-326 CVE-2021-20369: IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could all IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.
cvelistv5nvd
CVE-2021-20361MEDIUMCVSS 5.4v4.32021-07-13
CVE-2021-20361 [MEDIUM] CWE-79 CVE-2021-20361: IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195032.
cvelistv5nvd
CVE-2021-20366MEDIUMCVSS 5.4fixed in 4.3.1v4.32021-07-13
CVE-2021-20366 [MEDIUM] CWE-79 CVE-2021-20366: IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195037.
cvelistv5nvd
CVE-2021-20362MEDIUMCVSS 5.4v4.32021-07-13
CVE-2021-20362 [MEDIUM] CWE-79 CVE-2021-20362: IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195033.
cvelistv5nvd
CVE-2021-20368MEDIUMCVSS 5.4fixed in 4.3.1v4.32021-07-13
CVE-2021-20368 [MEDIUM] CWE-79 CVE-2021-20368: IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357.
cvelistv5nvd
CVE-2021-20363MEDIUMCVSS 5.4v4.32021-07-13
CVE-2021-20363 [MEDIUM] CWE-79 CVE-2021-20363: IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195034.
cvelistv5nvd
CVE-2021-20364MEDIUMCVSS 5.4v4.32021-07-13
CVE-2021-20364 [MEDIUM] CWE-79 CVE-2021-20364: IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035.
cvelistv5nvd