Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm cloud pak for data 4.0 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-28958
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.
Ibm Watson Knowledge Catalog On Cloud Pak For Data 4.0
7.5
CVSSv3
CVE-2023-26023
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an malicious user to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
Ibm Cloud Pak For Data 4.0
7.5
CVSSv3
CVE-2023-26026
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an malicious user to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
Ibm Cloud Pak For Data 4.0
7.5
CVSSv3
CVE-2023-27877
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.
Ibm Cloud Pak For Data 4.0
6.5
CVSSv3
CVE-2023-26024
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898.
Ibm Planning Analytics On Cloud Pak For Data 4.0
6.5
CVSSv3
CVE-2023-28955
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.
Ibm Watson Knowledge Catalog On Cloud Pak For Data
6.5
CVSSv3
CVE-2023-30444
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated malicious user to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attack...
Ibm Watson Machine Learning On Cloud Pak For Data 4.0
Ibm Watson Machine Learning On Cloud Pak For Data 4.5
6.5
CVSSv3
CVE-2022-41297
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.
Ibm Db2u 3.5
Ibm Db2u 4.0
Ibm Db2u 4.5
Ibm Db2 Warehouse On Cloud Pak For Data
Ibm Db2 On Cloud Pak For Data
4.3
CVSSv3
CVE-2023-28953
IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an malicious user to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.
Ibm Cognos Analytics Cartridge For Ibm Cloud Pak For Data
NA
CVE-2023-42005
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started