Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-16 | CVE-2020-4254 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium BIG Data Intelligence 1.0 IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2020-10-12 | CVE-2020-4388 | Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. | 8.2 |
2020-10-12 | CVE-2020-4302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. | 7.8 |
2020-10-12 | CVE-2020-4779 | Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
2020-10-12 | CVE-2020-4778 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. | 7.5 |
2020-10-12 | CVE-2020-4776 | Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. | 7.5 |
2020-10-12 | CVE-2020-4772 | XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
2020-10-08 | CVE-2020-4799 | Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 14.10 IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. | 7.8 |
2020-10-08 | CVE-2020-4280 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |
2020-10-08 | CVE-2019-4545 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. | 7.5 |