Ibm: >> Cloud Pak For Multicloud Management Monitoring >> 2.3.0 Security Vulnerabilities
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-09-26
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-09-26
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-08
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-06-30