Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-30 | CVE-2021-29781 | Deserialization of Untrusted Data vulnerability in IBM Partner Engagement Manager 2.0 IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. | 9.8 |
2021-07-27 | CVE-2021-20399 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2021-07-16 | CVE-2020-4821 | Improper Authentication vulnerability in IBM products IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. | 9.8 |
2021-06-11 | CVE-2020-5003 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2021-06-01 | CVE-2020-4561 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. | 10.0 |
2021-05-26 | CVE-2021-20487 | Improper Verification of Cryptographic Signature vulnerability in IBM products IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | 9.1 |
2021-05-24 | CVE-2021-20426 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2021-05-17 | CVE-2020-4669 | Missing Authorization vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local IBM Planning Analytics Local 2.0 connects to a MongoDB server. | 9.1 |
2021-05-17 | CVE-2020-4670 | Missing Authentication for Critical Function vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local IBM Planning Analytics Local 2.0 connects to a Redis server. | 9.1 |
2021-05-10 | CVE-2021-20538 | Incorrect Authorization vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1 IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. | 9.1 |