Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4815PUBLISHED: 2021-01-27IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
CVE-2020-4816PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-For...
CVE-2020-4820PUBLISHED: 2021-01-27IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4967PUBLISHED: 2021-01-27IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.
CVE-2020-36012PUBLISHED: 2021-01-27Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.
User Rank: Strategist
10/6/2017 | 11:11:43 AM