Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-29 CVE-2020-4721 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
2020-10-28 CVE-2020-4767 Out-of-bounds Read vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read.
network
low complexity
ibm CWE-125
7.5
2020-10-20 CVE-2019-4680 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2020-10-16 CVE-2020-4636 Command Injection vulnerability in IBM Resilient Security Orchestration Automation and Response 38.2
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting.
network
low complexity
ibm CWE-77
7.2
2020-10-16 CVE-2020-4254 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium BIG Data Intelligence 1.0
IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2020-10-12 CVE-2020-4388 Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks.
network
low complexity
ibm CWE-755
8.2
2020-10-12 CVE-2020-4302 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection.
local
low complexity
ibm CWE-1236
7.8
2020-10-12 CVE-2020-4779 Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-287
8.1
2020-10-12 CVE-2020-4778 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application.
network
low complexity
ibm CWE-327
7.5
2020-10-12 CVE-2020-4776 Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5