Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-4302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. | 7.8 |
| 2020-10-12 | CVE-2020-4779 | Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
| 2020-10-12 | CVE-2020-4778 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. | 7.5 |
| 2020-10-12 | CVE-2020-4776 | Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2020-10-12 | CVE-2020-4772 | XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
| 2020-10-08 | CVE-2020-4799 | Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 14.10 IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. | 7.8 |
| 2020-10-08 | CVE-2020-4280 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |
| 2020-10-08 | CVE-2019-4545 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. | 7.5 |
| 2020-10-01 | CVE-2020-4576 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. | 7.5 |
| 2020-09-29 | CVE-2020-4607 | Improper Input Validation vulnerability in IBM Security Verify Privilege Vault Remote On-Premises 1.3.2 IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. | 7.8 |