VYPR

Cloud Pak for Security

by IBM

CVEs (55)

  • CVE-2021-38911MedOct 19, 2021
    risk 0.32cvss 4.9epss 0.01

    IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.

  • CVE-2021-29697MedAug 2, 2021
    risk 0.32cvss 4.9epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.

  • CVE-2025-25019MedJun 3, 2025
    risk 0.31cvss 4.8epss 0.00

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.

  • CVE-2022-38382MedAug 13, 2024
    risk 0.31cvss 4.7epss 0.00

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672.

  • CVE-2023-47727MedMay 2, 2024
    risk 0.28cvss 4.3epss 0.00

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.

  • CVE-2022-36777MedNov 22, 2023
    risk 0.28cvss 4.3epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

  • CVE-2021-39089MedJan 20, 2023
    risk 0.28cvss 4.3epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.

  • CVE-2020-4967MedJan 27, 2021
    risk 0.28cvss 4.3epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.

  • CVE-2020-4696MedNov 30, 2020
    risk 0.28cvss 4.3epss 0.01

    IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.

  • CVE-2020-4626MedNov 30, 2020
    risk 0.28cvss 4.3epss 0.01

    IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.

  • CVE-2021-39011MedJan 20, 2023
    risk 0.27cvss 4.2epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.

  • CVE-2025-1334MedJun 3, 2025
    risk 0.26cvss 4.0epss 0.00

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2022-38383MedJun 28, 2024
    risk 0.26cvss 4.0epss 0.00

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.

  • CVE-2023-50951MedFeb 17, 2024
    risk 0.26cvss 4.0epss 0.00

    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.

  • CVE-2020-4811LowMay 14, 2021
    risk 0.16cvss 2.4epss 0.01

    IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.

Page 3 of 3