Vulnerabilities > IBM > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-11-30 CVE-2020-4627 Injection vulnerability in IBM Cloud Pak for Security 1.3.0.1
IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-74
critical
9.0
2020-11-09 CVE-2020-4759 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM FileNet Content Manager 5.5.4/5.5.5
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection.
network
ibm CWE-1236
critical
9.3
2020-10-29 CVE-2020-4724 Classic Buffer Overflow vulnerability in IBM i2 Analyst's Notebook 9.2.0/9.2.1
IBM i2 Analyst's Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
network
ibm CWE-120
critical
9.3
2020-10-29 CVE-2020-4723 Classic Buffer Overflow vulnerability in IBM i2 Analyst's Notebook 9.2.0/9.2.1
IBM i2 Analyst's Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
network
ibm CWE-120
critical
9.3
2020-10-29 CVE-2020-4722 Classic Buffer Overflow vulnerability in IBM i2 Analyst's Notebook 9.2.0/9.2.1
IBM i2 Analyst's Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
network
ibm CWE-120
critical
9.3
2020-10-29 CVE-2020-4721 Classic Buffer Overflow vulnerability in IBM i2 Analyst's Notebook 9.2.0/9.2.1
IBM i2 Analyst's Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
network
ibm CWE-120
critical
9.3
2020-10-12 CVE-2020-4302 Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection.
network
ibm CWE-755
critical
9.3
2020-10-08 CVE-2020-4280 Deserialization of Untrusted Data vulnerability in IBM QRadar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function.
network
low complexity
ibm CWE-502
critical
9.0
2020-09-22 CVE-2020-4620 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Data Risk Manager
IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions.
network
low complexity
ibm CWE-434
critical
9.0
2020-09-15 CVE-2020-4521 Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java.
network
low complexity
ibm CWE-502
critical
9.0