Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2021-20419 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-05-24 | CVE-2021-20557 | OS Command Injection vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.2 |
| 2021-05-20 | CVE-2020-4850 | Improper Encoding or Escaping of Output vulnerability in IBM Gpfs.Tct.Server IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. | 7.5 |
| 2021-05-20 | CVE-2021-29686 | Unspecified vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. | 8.8 |
| 2021-05-20 | CVE-2021-29688 | Information Exposure Through an Error Message vulnerability in IBM Security Identity Manager 6.0.2/7.0.2 IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2021-05-20 | CVE-2021-29691 | Use of Hard-coded Credentials vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2021-05-17 | CVE-2021-29747 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. | 7.5 |
| 2021-05-14 | CVE-2020-4985 | Unspecified vulnerability in IBM Planning Analytics Local 2.0.0 IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. | 7.5 |
| 2021-05-14 | CVE-2021-20393 | Information Exposure Through an Error Message vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2021-05-06 | CVE-2020-28198 | Out-of-bounds Write vulnerability in IBM Tivoli Storage Manager 5.2.0.1 The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. | 7.0 |