Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-03-31 CVE-2020-4208 Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2020-02-24 CVE-2020-4222 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-24 CVE-2020-4213 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-24 CVE-2020-4212 Improper Input Validation vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-20
critical
 9.8
9.8
2020-02-24 CVE-2020-4211 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-24 CVE-2020-4210 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-19 CVE-2019-4640 Origin Validation Error vulnerability in IBM Security Secret Server
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code.
network
low complexity
ibm CWE-346
critical
 9.8
9.8
2020-02-18 CVE-2013-3323 Improper Privilege Management vulnerability in IBM products
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
network
low complexity
ibm CWE-269
critical
 9.8
9.8
2020-02-04 CVE-2019-4675 Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager 7.0.1
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2020-01-28 CVE-2020-4207 Classic Buffer Overflow vulnerability in IBM products
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers.
network
low complexity
ibm CWE-120
critical
 9.8
9.8