Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-09 | CVE-2019-4621 | Insecure Default Initialization of Resource vulnerability in IBM DataPower Gateway IBM DataPower Gateway 7.6.0.0-7 through 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. | 9.8 |
2019-08-26 | CVE-2019-4169 | Insecure Default Initialization of Resource vulnerability in IBM Open Power Op910/Op920 IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. | 9.1 |
2019-08-20 | CVE-2019-4483 | SQL Injection vulnerability in IBM products IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. | 9.8 |
2019-08-20 | CVE-2019-4481 | SQL Injection vulnerability in IBM products IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. | 9.8 |
2019-07-02 | CVE-2019-4087 | Out-of-bounds Write vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. | 9.8 |
2019-07-01 | CVE-2019-4336 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Robotic Process Automation With Automation Anywhere IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
2019-05-17 | CVE-2019-4279 | Deserialization of Untrusted Data vulnerability in IBM WebSphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. | 9.8 |
2019-04-15 | CVE-2019-4203 | Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. | 9.8 |
2019-04-15 | CVE-2019-4202 | OS Command Injection vulnerability in IBM API Connect IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. | 10.0 |
2019-04-15 | CVE-2019-4178 | Path Traversal vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. | 9.1 |