Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-04 | CVE-2020-4545 | Untrusted Search Path vulnerability in IBM Aspera Connect 3.9.8/3.9.9 IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. | 7.8 |
| 2020-09-03 | CVE-2020-4638 | Unspecified vulnerability in IBM API Connect IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. | 7.2 |
| 2020-09-01 | CVE-2012-3336 | SQL Injection vulnerability in IBM Infosphere Guardium 8.0/8.01/8.2 IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. | 8.8 |
| 2020-08-28 | CVE-2020-4559 | Improper Input Validation vulnerability in IBM Spectrum Protect IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. | 7.5 |
| 2020-08-27 | CVE-2020-4603 | Improper Privilege Management vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | 7.2 |
| 2020-08-27 | CVE-2020-4174 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-08-27 | CVE-2020-4169 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-08-26 | CVE-2019-4713 | Unspecified vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-08-26 | CVE-2019-4698 | Weak Password Requirements vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2020-08-26 | CVE-2019-4689 | Cleartext Transmission of Sensitive Information vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 7.5 |