Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-20442 Use of Hard-coded Credentials vulnerability in IBM Security Verify Bridge
IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2021-02-18 CVE-2021-20443 Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Maximo for Civil Infrastructure 7.6.2
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
network
low complexity
ibm CWE-829
8.8
2021-02-18 CVE-2021-20354 Path Traversal vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories.
network
low complexity
ibm CWE-22
7.5
2021-02-15 CVE-2020-4955 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation.
low complexity
ibm CWE-434
8.0
2021-02-12 CVE-2021-20412 Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2021-02-12 CVE-2021-20411 Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier.
low complexity
ibm CWE-669
8.1
2021-02-12 CVE-2021-20409 Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
low complexity
ibm CWE-319
7.5
2021-02-12 CVE-2021-20407 Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system.
network
low complexity
ibm CWE-312
7.5
2021-02-11 CVE-2021-20405 Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output.
network
low complexity
ibm CWE-116
7.5
2021-02-11 CVE-2021-20403 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8