Vulnerabilities > IBM > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2021-01-04 | CVE-2020-4942 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.11.0/7.0.9.0 | IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network, low complexity, ibm CWE-352, 8.8 |
| 2021-01-04 | CVE-2020-4917 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud Pak System | IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network, low complexity, ibm CWE-352, 8.8 |
| 2021-01-04 | CVE-2020-4912 | Unspecified vulnerability in IBM Cloud Pak System | IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. | network, low complexity, ibm, 7.2 |
| 2020-12-21 | CVE-2020-4870 | Unspecified vulnerability in IBM MQ 9.2.0 | IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. | network, low complexity, ibm, 7.5 |
| 2020-12-11 | CVE-2020-4633 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0 | IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. | network, low complexity, ibm CWE-1236, 8.8 |
| 2020-12-10 | CVE-2020-4829 | Unspecified vulnerability in IBM AIX and VIOS | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. | local, low complexity, ibm, 7.8 |
| 2020-11-20 | CVE-2020-4937 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling B2B Integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network, low complexity, ibm CWE-327, 7.5 |
| 2020-11-20 | CVE-2020-4739 | Untrusted Search Path vulnerability in IBM DB2 | IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. | local, low complexity, ibm CWE-426, 7.8 |
| 2020-11-19 | CVE-2020-4701 | Classic Buffer Overflow vulnerability in IBM DB2 10.5/11.1/11.5 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | local, low complexity, ibm CWE-120, 7.8 |
| 2020-11-16 | CVE-2020-4700 | Unspecified vulnerability in IBM Sterling B2B Integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. | network, low complexity, ibm, 8.8 |