Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-19 | CVE-2020-4881 | Origin Validation Error vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. | 7.5 |
| 2021-01-13 | CVE-2020-4596 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-13 | CVE-2020-4595 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-13 | CVE-2020-4594 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-13 | CVE-2019-4702 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium Data Encrpytion 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
| 2021-01-13 | CVE-2019-4160 | Inadequate Encryption Strength vulnerability in IBM Security Guardium Data Encrpytion 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-08 | CVE-2020-5018 | Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. | 7.5 |
| 2021-01-07 | CVE-2020-4898 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-05 | CVE-2020-4762 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. | 8.8 |
| 2021-01-05 | CVE-2019-4728 | Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |