Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2021-20517 Path Traversal vulnerability in IBM Websphere Application Server ND
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories.
network
low complexity
ibm CWE-22
8.8
2021-06-03 CVE-2021-20380 Unspecified vulnerability in IBM Qradar Advisor With Watson
IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system.
network
low complexity
ibm
7.5
2021-06-02 CVE-2020-4495 Unspecified vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control.
network
low complexity
ibm
8.8
2021-06-01 CVE-2019-4723 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page.
network
low complexity
ibm netapp CWE-522
7.5
2021-06-01 CVE-2019-4724 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page.
network
low complexity
ibm netapp CWE-522
7.5
2021-06-01 CVE-2019-4730 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
7.1
2021-06-01 CVE-2020-4300 XXE vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm netapp CWE-611
8.2
2021-06-01 CVE-2020-4520 Cross-site Scripting vulnerability in multiple products
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code.
network
low complexity
ibm netapp CWE-79
8.8
2021-06-01 CVE-2021-20576 Unspecified vulnerability in IBM Application Gateway and Security Verify Access
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.
network
low complexity
ibm
7.5
2021-06-01 CVE-2021-29665 Out-of-bounds Write vulnerability in IBM Security Verify Access 20.07
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.
local
low complexity
ibm CWE-787
7.8