Vulnerabilities > IBM > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-18 | CVE-2013-3323 | Improper Privilege Management vulnerability in IBM products: A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | 9.8 |
2020-02-04 | CVE-2019-4675 | Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager 7.0.1: IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2020-01-28 | CVE-2020-4207 | Classic Buffer Overflow vulnerability in IBM products: IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. | 9.8 |
2020-01-09 | CVE-2019-4651 | SQL Injection vulnerability in IBM Jazz Reporting Service 6.0.6.1: IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. | 9.8 |
2019-12-18 | CVE-2019-4716 | Code Injection vulnerability in IBM Planning Analytics: IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin", and then execute code as root or SYSTEM via TM1 scripting. | 9.8 |
2019-12-10 | CVE-2019-4521 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK System 2.3/2.3.0.1: Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV Injection. | 9.8 |
2019-12-10 | CVE-2019-4244 | Missing Authentication for Critical Function vulnerability in IBM Smartcloud Analytics LOG Analysis: IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. | 9.1 |
2019-12-09 | CVE-2019-4621 | Insecure Default Initialization of Resource vulnerability in IBM Datapower Gateway: IBM DataPower Gateway 7.6.0.0-7 through 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. | 9.8 |
2019-08-26 | CVE-2019-4169 | Insecure Default Initialization of Resource vulnerability in IBM Open Power Op910/Op920: IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. | 9.1 |
2019-08-20 | CVE-2019-4483 | SQL Injection vulnerability in IBM products: IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. | 9.8 |