Security Vulnerabilities - CVEs Published In July 2021
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195036.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195037.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-07-13
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-07-13
Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.021
Published
2021-07-13