Latest IBM Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2020-4711 Path Traversal vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
CWE-22
4.0
2020-09-15 CVE-2020-4703 Unrestricted Upload of File With Dangerous Type vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server.
network
ibm
CWE-434
6.0
2020-09-15 CVE-2020-4530 Cross-Site Scripting vulnerability in IBM products
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting.
network
ibm
CWE-79
3.5
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm
CWE-352
4.3
2020-09-15 CVE-2020-4521 Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java.
network
low complexity
ibm
CWE-502
critical
9.0
2020-09-15 CVE-2020-4344 Insecure Storage of Sensitive Information vulnerability in IBM Tivoli Business Service Manager 6.2.0.0
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm
CWE-922
2.1
2020-09-15 CVE-2019-4671 SQL Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection.
network
low complexity
ibm
CWE-89
6.5
2020-09-10 CVE-2020-4578 Cross-Site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
3.5
2020-09-08 CVE-2020-4698 Cross-Site Scripting vulnerability in IBM products
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting.
network
ibm
CWE-79
3.5
2020-09-08 CVE-2020-4516 Cross-Site Scripting vulnerability in IBM products
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting.
network
ibm
CWE-79
3.5