Vulnerabilities > IBM > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2021-07-30 | CVE-2021-29781 | Deserialization of Untrusted Data vulnerability in IBM Partner Engagement Manager 2.0 | IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. | network | low complexity | ibm | CWE-502 | critical | 9.8 |
| 2021-07-27 | CVE-2021-20399 | XXE vulnerability in IBM QRadar Security Information and Event Manager | IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-611 | critical | 9.1 |
| 2021-07-16 | CVE-2020-4821 | Improper Authentication vulnerability in IBM products | IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. | network | low complexity | ibm | CWE-287 | critical | 9.8 |
| 2021-06-11 | CVE-2020-5003 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 | IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-611 | critical | 9.1 |
| 2021-06-01 | CVE-2020-4561 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products | IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. | network | low complexity | ibm, netapp | CWE-829 | critical | 10.0 |
| 2021-05-26 | CVE-2021-20487 | Improper Verification of Cryptographic Signature vulnerability in IBM products | IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | network | low complexity | ibm | CWE-347 | critical | 9.1 |
| 2021-05-24 | CVE-2021-20426 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.2 | IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | network | low complexity | ibm | CWE-798 | critical | 9.8 |
| 2021-05-17 | CVE-2020-4669 | Missing Authorization vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local | IBM Planning Analytics Local 2.0 connects to a MongoDB server. | network | low complexity | ibm | CWE-862 | critical | 9.1 |
| 2021-05-17 | CVE-2020-4670 | Missing Authentication for Critical Function vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local | IBM Planning Analytics Local 2.0 connects to a Redis server. | network | low complexity | ibm | CWE-306 | critical | 9.1 |
| 2021-05-10 | CVE-2021-20538 | Incorrect Authorization vulnerability in IBM Cloud Pak for Security 1.5.0.0/1.5.0.1 | IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. | network | low complexity | ibm | CWE-863 | critical | 9.1 |