Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-16 CVE-2020-4254 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium BIG Data Intelligence 1.0
IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2020-10-12 CVE-2020-4388 Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks.
network
low complexity
ibm CWE-755
8.2
2020-10-12 CVE-2020-4302 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection.
local
low complexity
ibm CWE-1236
7.8
2020-10-12 CVE-2020-4779 Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-287
8.1
2020-10-12 CVE-2020-4778 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application.
network
low complexity
ibm CWE-327
7.5
2020-10-12 CVE-2020-4776 Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2020-10-12 CVE-2020-4772 XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-611
8.1
2020-10-08 CVE-2020-4799 Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 14.10
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability.
local
low complexity
ibm CWE-787
7.8
2020-10-08 CVE-2020-4280 Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function.
network
low complexity
ibm CWE-502
8.8
2020-10-08 CVE-2019-4545 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks.
network
low complexity
ibm
7.5