Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-05 | CVE-2020-4899 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. | 9.1 |
| 2020-12-21 | CVE-2020-4988 | Unspecified vulnerability in IBM Loopback 8.0.0 Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. | 9.8 |
| 2020-12-15 | CVE-2020-4747 | Improper Authentication vulnerability in IBM Connect:Direct IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. | 9.8 |
| 2020-11-30 | CVE-2020-4627 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK for Security 1.3.0.1 IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. | 9.0 |
| 2020-11-23 | CVE-2020-4854 | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-10-15 | CVE-2020-4499 | Unspecified vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. | 9.8 |
| 2020-10-05 | CVE-2020-4493 | Unspecified vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. | 9.8 |
| 2020-09-02 | CVE-2020-4693 | Improper Input Validation vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. | 9.8 |
| 2020-08-26 | CVE-2019-4694 | Use of Hard-coded Credentials vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-08-13 | CVE-2020-4589 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. | 9.8 |