Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-05 | CVE-2021-20401 | Use of Hard-coded Credentials vulnerability in IBM QRadar Security Information and Event Manager: IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.8 |
2021-05-05 | CVE-2020-5013 | XXE vulnerability in IBM QRadar Security Information and Event Manager: IBM QRadar SIEM 7.3 and 7.4 may be vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
2021-05-05 | CVE-2020-4932 | Use of Hard-coded Credentials vulnerability in IBM QRadar Security Information and Event Manager: IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.8 |
2021-04-27 | CVE-2021-29667 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Spectrum Scale: IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. | 7.8 |
2021-04-26 | CVE-2021-20532 | Incorrect Default Permissions vulnerability in IBM products: IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. | 7.8 |
2021-04-26 | CVE-2021-29694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Protect Plus: IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-04-26 | CVE-2021-29672 | Out-of-bounds Write vulnerability in IBM products: IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. | 7.8 |
2021-04-21 | CVE-2021-20501 | Unspecified vulnerability in IBM i: IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. | 8.2 |
2021-04-21 | CVE-2021-20454 | XXE vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-04-20 | CVE-2021-20453 | XXE vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |