Vulnerabilities > IBM > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-04 | CVE-2020-4193 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium 11.1 IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2020-06-03 | CVE-2020-4177 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.1 IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-05-07 | CVE-2020-4429 | Use of Hard-coded Credentials vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. | 9.8 |
| 2020-05-07 | CVE-2020-4428 | OS Command Injection vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.1 |
| 2020-05-07 | CVE-2020-4427 | Unspecified vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. | 9.8 |
| 2020-04-23 | CVE-2020-4415 | Out-of-bounds Write vulnerability in IBM Spectrum Protect IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 9.8 |
| 2020-04-02 | CVE-2020-7621 | OS Command Injection vulnerability in IBM Strongloop Nginx Controller 1.0.0/1.0.1/1.0.2 strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. | 9.8 |
| 2020-03-31 | CVE-2020-4208 | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-02-24 | CVE-2020-4222 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-24 | CVE-2020-4213 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |