

Rewterz Threat Alert – AZORult Latest IOCs
January 5, 2021
Rewterz Threat Alert – Covid-19 Themed Malicious URLs
January 5, 2021
Severity
Medium
Analysis Summary
CVE-2020-4912
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user.
CVE-2020-4918
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the Self Service Console for the Platform System Manager.
CVE-2020-4917
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Impact
- Privilege escalation
- Information disclosure
- Cross-site request forgery
Affected Vendors
IBM
Affected Products
IBM Cloud Pak System 2.3
Remediation
Refer to the IBM advisory for the complete list of affected products and their respective patches.