Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-26 CVE-2021-20532 Incorrect Default Permissions vulnerability in IBM products
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions.
local
low complexity
ibm CWE-276
7.8
2021-04-26 CVE-2021-29694 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-04-26 CVE-2021-29672 Out-of-bounds Write vulnerability in IBM products
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings.
local
low complexity
ibm CWE-787
7.8
2021-04-21 CVE-2021-20501 Unspecified vulnerability in IBM I
IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration.
network
low complexity
ibm
8.2
2021-04-21 CVE-2021-20454 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2021-04-20 CVE-2021-20453 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2021-04-19 CVE-2021-20527 Command Injection vulnerability in IBM Resilient
IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user.
network
low complexity
ibm CWE-77
7.2
2021-04-12 CVE-2020-4965 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-03-30 CVE-2021-20502 XXE vulnerability in IBM products
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2021-03-30 CVE-2021-20482 XXE vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3
IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1