Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2019-4651 SQL Injection vulnerability in IBM Jazz Reporting Service 6.0.6.1
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2019-12-18 CVE-2019-4716 Code Injection vulnerability in IBM Planning Analytics
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.
network
low complexity
ibm CWE-94
critical
9.8
2019-12-10 CVE-2019-4521 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection.
network
low complexity
ibm CWE-1236
critical
9.8
2019-12-10 CVE-2019-4244 Missing Authentication for Critical Function vulnerability in IBM Smartcloud Analytics LOG Analysis
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication.
network
low complexity
ibm CWE-306
critical
9.1
2019-12-09 CVE-2019-4621 Insecure Default Initialization of Resource vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled.
network
low complexity
ibm CWE-1188
critical
9.8
2019-08-26 CVE-2019-4169 Insecure Default Initialization of Resource vulnerability in IBM Open Power Op910/Op920
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password.
network
low complexity
ibm CWE-1188
critical
9.1
2019-08-20 CVE-2019-4483 SQL Injection vulnerability in IBM products
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2019-08-20 CVE-2019-4481 SQL Injection vulnerability in IBM products
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2019-07-02 CVE-2019-4087 Out-of-bounds Write vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges.
network
low complexity
ibm CWE-787
critical
9.8
2019-07-01 CVE-2019-4336 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Robotic Process Automation With Automation Anywhere
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
critical
9.8