Vulnerabilities > IBM > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2021-05-17 | CVE-2021-29747 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. | network | low complexity | ibm | 7.5 |
| 2021-05-14 | CVE-2020-4985 | Unspecified vulnerability in IBM Planning Analytics Local 2.0.0 | IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. | network | low complexity | ibm | 7.5 |
| 2021-05-14 | CVE-2021-20393 | Information Exposure Through an Error Message vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network | low complexity | ibm CWE-209 | 7.5 |
| 2021-05-06 | CVE-2020-28198 | Out-of-bounds Write vulnerability in IBM Tivoli Storage Manager 5.2.0.1 | The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. | local | high complexity | ibm CWE-787 | 7.0 |
| 2021-05-05 | CVE-2021-20401 | Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | local | low complexity | ibm CWE-798 | 7.8 |
| 2021-05-05 | CVE-2020-5013 | XXE vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar SIEM 7.3 and 7.4 may be vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm CWE-611 | 8.1 |
| 2021-05-05 | CVE-2020-4932 | Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | local | low complexity | ibm CWE-798 | 7.8 |
| 2021-04-27 | CVE-2021-29667 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Spectrum Scale | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. | local | low complexity | ibm CWE-1236 | 7.8 |
| 2021-04-26 | CVE-2021-20532 | Incorrect Default Permissions vulnerability in IBM products | IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. | local | low complexity | ibm CWE-276 | 7.8 |
| 2021-04-26 | CVE-2021-29694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Protect Plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm CWE-327 | 7.5 |