Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-05-05 CVE-2020-4979 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication.
network
low complexity
ibm
critical
9.8
2021-01-28 CVE-2020-4682 Deserialization of Untrusted Data vulnerability in IBM MQ, MQ Appliance and Websphere MQ
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data.
network
low complexity
ibm CWE-502
critical
9.8
2021-01-26 CVE-2020-27583 Deserialization of Untrusted Data vulnerability in IBM Infosphere Information Server 8.5
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code.
network
low complexity
ibm CWE-502
critical
9.8
2021-01-21 CVE-2020-4958 Missing Authentication for Critical Function vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
network
low complexity
ibm CWE-306
critical
9.8
2021-01-05 CVE-2020-4899 Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network.
network
low complexity
ibm CWE-319
critical
9.1
2020-12-21 CVE-2020-4988 Unspecified vulnerability in IBM Loopback 8.0.0
Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute JavaScript values and cause a denial of service or possibly execute code.
network
low complexity
ibm
critical
9.8
2020-12-15 CVE-2020-4747 Improper Authentication vulnerability in IBM Connect:Direct
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods.
network
low complexity
ibm CWE-287
critical
9.8
2020-11-30 CVE-2020-4627 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK for Security 1.3.0.1
IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV injection.
network
low complexity
ibm CWE-1236
critical
9.0
2020-11-23 CVE-2020-4854 Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2020-10-15 CVE-2020-4499 Unspecified vulnerability in IBM Security Access Manager and Security Verify Access
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications.
network
low complexity
ibm
critical
9.8