Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-19 | CVE-2021-20527 | Command Injection vulnerability in IBM Resilient IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. | 7.2 |
| 2021-04-12 | CVE-2020-4965 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-03-30 | CVE-2021-20502 | XXE vulnerability in IBM products IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2021-03-30 | CVE-2021-20482 | XXE vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2021-03-24 | CVE-2020-5015 | Unspecified vulnerability in IBM Elastic Storage Server and Elastic Storage System IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. | 7.5 |
| 2021-03-15 | CVE-2020-4184 | Improper Privilege Management vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | 7.3 |
| 2021-03-12 | CVE-2020-4831 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datapower Gateway 10.0.0.0/10.0.0.1/10.0.1.0 IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-03-11 | CVE-2020-5025 | Classic Buffer Overflow vulnerability in multiple products IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2021-03-11 | CVE-2020-5024 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. | 7.5 |
| 2021-03-08 | CVE-2020-4695 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect 10.0.0.0/10.0.1.0 IBM API Connect V10 is impacted by insecure communications during database replication. | 7.5 |