Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2020-5015 | Unspecified vulnerability in IBM Elastic Storage Server and Elastic Storage System IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. | 7.5 |
| 2021-03-15 | CVE-2020-4184 | Improper Privilege Management vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | 7.3 |
| 2021-03-12 | CVE-2020-4831 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datapower Gateway 10.0.0.0/10.0.0.1/10.0.1.0 IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-03-11 | CVE-2020-5025 | Classic Buffer Overflow vulnerability in multiple products IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2021-03-11 | CVE-2020-5024 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. | 7.5 |
| 2021-03-08 | CVE-2020-4695 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect 10.0.0.0/10.0.1.0 IBM API Connect V10 is impacted by insecure communications during database replication. | 7.5 |
| 2021-03-03 | CVE-2021-20442 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2021-02-18 | CVE-2021-20443 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. | 8.8 |
| 2021-02-18 | CVE-2021-20354 | Path Traversal vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. | 7.5 |
| 2021-02-15 | CVE-2020-4955 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. | 8.0 |