Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-4655 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
8.8
2020-11-16 CVE-2020-4647 SQL Injection vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
8.8
2020-11-16 CVE-2020-4476 Unspecified vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm
7.5
7.5
2020-11-11 CVE-2020-4685 Unspecified vulnerability in IBM Cognos Controller
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller.
network
low complexity
ibm
7.2
7.2
2020-11-09 CVE-2020-4759 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Filenet Content Manager 5.5.4/5.5.5
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection.
local
low complexity
ibm CWE-1236
7.8
7.8
2020-10-30 CVE-2020-4588 Unrestricted Upload of File with Dangerous Type vulnerability in IBM I2 Ibase 8.9.13
IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.
local
low complexity
ibm CWE-434
7.8
7.8
2020-10-30 CVE-2020-4584 Information Exposure Through an Error Message vulnerability in IBM I2 Ibase 8.9.13
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
7.5
7.5
2020-10-29 CVE-2020-4724 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
7.8
2020-10-29 CVE-2020-4723 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
7.8
2020-10-29 CVE-2020-4722 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
7.8