Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-4427 Unspecified vulnerability in IBM Data Risk Manager
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication.
network
low complexity
ibm
critical
 9.8
9.8
2020-04-23 CVE-2020-4415 Out-of-bounds Write vulnerability in IBM Spectrum Protect
IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.
network
low complexity
ibm CWE-787
critical
 9.8
9.8
2020-04-02 CVE-2020-7621 OS Command Injection vulnerability in IBM Strongloop Nginx Controller 1.0.0/1.0.1/1.0.2
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-03-31 CVE-2020-4208 Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2020-02-24 CVE-2020-4222 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-24 CVE-2020-4213 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-24 CVE-2020-4212 Improper Input Validation vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-20
critical
 9.8
9.8
2020-02-24 CVE-2020-4211 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-24 CVE-2020-4210 OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system.
network
low complexity
ibm CWE-78
critical
 9.8
9.8
2020-02-19 CVE-2019-4640 Origin Validation Error vulnerability in IBM Security Secret Server
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code.
network
low complexity
ibm CWE-346
critical
 9.8
9.8