Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-17 | CVE-2020-4669 | Missing Authorization vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local IBM Planning Analytics Local 2.0 connects to a MongoDB server. | 9.1 |
| 2021-05-17 | CVE-2020-4670 | Missing Authentication for Critical Function vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local IBM Planning Analytics Local 2.0 connects to a Redis server. | 9.1 |
| 2021-05-10 | CVE-2021-20538 | Incorrect Authorization vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1 IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. | 9.1 |
| 2021-05-05 | CVE-2020-4979 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. | 9.8 |
| 2021-01-28 | CVE-2020-4682 | Deserialization of Untrusted Data vulnerability in IBM MQ, MQ Appliance and Websphere MQ IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. | 9.8 |
| 2021-01-26 | CVE-2020-27583 | Deserialization of Untrusted Data vulnerability in IBM Infosphere Information Server 8.5 IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. | 9.8 |
| 2021-01-21 | CVE-2020-4958 | Missing Authentication for Critical Function vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 9.8 |
| 2021-01-05 | CVE-2020-4899 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. | 9.1 |
| 2020-12-21 | CVE-2020-4988 | Unspecified vulnerability in IBM Loopback 8.0.0 Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. | 9.8 |
| 2020-12-15 | CVE-2020-4747 | Improper Authentication vulnerability in IBM Connect:Direct IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. | 9.8 |