Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-02-10 | CVE-2021-20353 | XXE vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-02-10 | CVE-2020-5023 | Resource Exhaustion vulnerability in IBM Spectrum Protect Plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service to crash due to excess resource consumption. | 7.5 |
2021-02-09 | CVE-2020-4795 | Unspecified vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. | 8.2 |
2021-01-28 | CVE-2020-4888 | Deserialization of Untrusted Data vulnerability in IBM QRadar Security Information and Event Manager | IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |
2021-01-27 | CVE-2020-4952 | Unspecified vulnerability in IBM Security Guardium 11.2 | IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. | 8.8 |
2021-01-26 | CVE-2020-4949 | XXE vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-01-22 | CVE-2020-4766 | Resource Exhaustion vulnerability in IBM MQ Internet Pass-Thru 2.1/9.2 | IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. | 7.5 |
2021-01-20 | CVE-2020-4983 | Use of Hard-coded Credentials vulnerability in IBM Spectrum LSF and Spectrum LSF Suite | IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. | 7.8 |
2021-01-20 | CVE-2020-4921 | SQL Injection vulnerability in IBM Security Guardium 10.6/11.2 | IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. | 8.8 |
2021-01-20 | CVE-2020-4688 | Command Injection vulnerability in IBM Security Guardium 10.6/11.2 | IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. | 7.8 |