Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-09 | CVE-2019-4651 | SQL Injection vulnerability in IBM Jazz Reporting Service 6.0.6.1 | IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. | 9.8 |
2019-12-18 | CVE-2019-4716 | Code Injection vulnerability in IBM Planning Analytics | IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin", and then execute code as root or SYSTEM via TM1 scripting. | 9.8 |
2019-12-10 | CVE-2019-4521 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 | Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV Injection. | 9.8 |
2019-12-10 | CVE-2019-4244 | Missing Authentication for Critical Function vulnerability in IBM Smartcloud Analytics LOG Analysis | IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. | 9.1 |
2019-12-09 | CVE-2019-4621 | Insecure Default Initialization of Resource vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 7.6.0.0 through 7.6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. | 9.8 |
2019-08-26 | CVE-2019-4169 | Insecure Default Initialization of Resource vulnerability in IBM Open Power Op910/Op920 | IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. | 9.1 |
2019-08-20 | CVE-2019-4483 | SQL Injection vulnerability in IBM products | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection. | 9.8 |
2019-08-20 | CVE-2019-4481 | SQL Injection vulnerability in IBM products | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection. | 9.8 |
2019-07-02 | CVE-2019-4087 | Out-of-bounds Write vulnerability in IBM Spectrum Protect Operations Center | IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. | 9.8 |
2019-07-01 | CVE-2019-4336 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Robotic Process Automation With Automation Anywhere | IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |