Ibm: Security Vulnerabilities
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-01-05
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.
CVSS Score
2.3
EPSS Score
0.0
Published
2021-01-04
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.
CVSS Score
4.7
EPSS Score
0.001
Published
2021-01-04
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-01-04
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-01-04
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-01-04
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-01-04
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.
CVSS Score
4.7
EPSS Score
0.003
Published
2021-01-04
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
CVSS Score
4.4
EPSS Score
0.0
Published
2021-01-04
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-01-04