Cloud Pak for Multicloud Management
by IBM
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-43191 | 0.00 | — | 0.01 | Sep 26, 2024 | IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. | |||
| CVE-2023-46175 | 0.00 | — | 0.00 | Sep 26, 2024 | IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. | |||
| CVE-2022-42438 | 0.00 | — | 0.01 | Feb 8, 2023 | IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. | |||
| CVE-2021-38941 | 0.00 | — | 0.01 | Jun 30, 2022 | IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. | |||
| CVE-2020-4765 | 0.00 | — | 0.00 | May 19, 2021 | IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902. | |||
| CVE-2021-20341 | 0.00 | — | 0.01 | Mar 9, 2021 | IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513. |
- CVE-2024-43191Sep 26, 2024risk 0.00cvss —epss 0.01
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
- CVE-2023-46175Sep 26, 2024risk 0.00cvss —epss 0.00
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.
- CVE-2022-42438Feb 8, 2023risk 0.00cvss —epss 0.01
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.
- CVE-2021-38941Jun 30, 2022risk 0.00cvss —epss 0.01
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048.
- CVE-2020-4765May 19, 2021risk 0.00cvss —epss 0.00
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.
- CVE-2021-20341Mar 9, 2021risk 0.00cvss —epss 0.01
IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513.