Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2020-11-09 CVE-2020-4759 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Filenet Content Manager 5.5.4/5.5.5
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection.
local
low complexity
ibm CWE-1236
7.8
2020-10-30 CVE-2020-4588 Unrestricted Upload of File with Dangerous Type vulnerability in IBM I2 Ibase 8.9.13
IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim, could result in code execution.
local
low complexity
ibm CWE-434
7.8
2020-10-30 CVE-2020-4584 Information Exposure Through an Error Message vulnerability in IBM I2 Ibase 8.9.13
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
7.5
2020-10-29 CVE-2020-4724 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
2020-10-29 CVE-2020-4723 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
2020-10-29 CVE-2020-4722 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
2020-10-29 CVE-2020-4721 Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1
IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.
local
low complexity
ibm CWE-787
7.8
2020-10-28 CVE-2020-4767 Out-of-bounds Read vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read.
network
low complexity
ibm CWE-125
7.5
2020-10-20 CVE-2019-4680 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2020-10-16 CVE-2020-4636 Command Injection vulnerability in IBM Resilient Security Orchestration Automation and Response 38.2
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting.
network
low complexity
ibm CWE-77
7.2