Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-27 | CVE-2020-4169 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-08-26 | CVE-2019-4713 | Unspecified vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-08-26 | CVE-2019-4698 | Weak Password Requirements vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2020-08-26 | CVE-2019-4689 | Cleartext Transmission of Sensitive Information vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 7.5 |
| 2020-08-26 | CVE-2018-1501 | Missing Authentication for Critical Function vulnerability in IBM Security Guardium 10.5/10.6/11.0 IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. | 7.5 |
| 2020-08-24 | CVE-2020-4587 | Out-of-bounds Write vulnerability in IBM Connect:Direct and Sterling Connect:Direct IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. | 7.8 |
| 2020-08-17 | CVE-2020-4686 | Unspecified vulnerability in IBM products IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. | 8.1 |
| 2020-08-14 | CVE-2020-4662 | Improper Authentication vulnerability in IBM Event Streams 10.0.0 IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. | 8.8 |
| 2020-08-11 | CVE-2020-4486 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. | 8.1 |
| 2020-08-05 | CVE-2020-4481 | XXE vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |