Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2020-4495 | Unspecified vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. | 8.8 |
| 2021-06-01 | CVE-2019-4723 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. | 7.5 |
| 2021-06-01 | CVE-2019-4724 | Insufficiently Protected Credentials vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. | 7.5 |
| 2021-06-01 | CVE-2019-4730 | XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2021-06-01 | CVE-2020-4300 | XXE vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2021-06-01 | CVE-2020-4520 | Cross-site Scripting vulnerability in multiple products IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. | 8.8 |
| 2021-06-01 | CVE-2021-20576 | Unspecified vulnerability in IBM Application Gateway and Security Verify Access IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. | 7.5 |
| 2021-06-01 | CVE-2021-29665 | Out-of-bounds Write vulnerability in IBM Security Verify Access 20.07 IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. | 7.8 |
| 2021-06-01 | CVE-2021-29740 | Use of Externally-Controlled Format String vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. | 7.8 |
| 2021-05-26 | CVE-2019-4588 | Uncontrolled Search Path Element vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. | 7.8 |