Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-05 CVE-2020-4493 Unspecified vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command.
network
low complexity
ibm
critical
9.8
2020-09-02 CVE-2020-4693 Improper Input Validation vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export.
network
low complexity
ibm CWE-20
critical
9.8
2020-08-26 CVE-2019-4694 Use of Hard-coded Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2020-08-13 CVE-2020-4589 Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources.
network
low complexity
ibm CWE-502
critical
9.8
2020-08-04 CVE-2020-4459 Use of Hard-coded Credentials vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2020-08-03 CVE-2020-4377 XXE vulnerability in IBM Cognos Analytics 11.0.0/11.1.0
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2020-07-29 CVE-2020-4567 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security KEY Lifecycle Manager 3.0.1/4.0
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
critical
9.8
2020-07-22 CVE-2020-4385 Use of Hard-coded Credentials vulnerability in IBM Verify Gateway 1.0.0/1.0.1
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2020-06-15 CVE-2020-4469 OS Command Injection vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
9.8
2020-06-15 CVE-2020-4216 Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8