Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2020-4363 | Classic Buffer Overflow vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2020-07-01 | CVE-2019-4676 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2 IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2020-06-29 | CVE-2020-4452 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-06-16 | CVE-2020-4310 | Unspecified vulnerability in IBM MQ and Websphere MQ IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. | 7.5 |
| 2020-06-15 | CVE-2020-4494 | Improper Authentication vulnerability in IBM products IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. | 7.5 |
| 2020-06-15 | CVE-2020-4470 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. | 8.0 |
| 2020-06-10 | CVE-2020-4436 | Classic Buffer Overflow vulnerability in IBM products Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. | 7.5 |
| 2020-06-10 | CVE-2020-4435 | Out-of-bounds Write vulnerability in IBM products Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. | 7.5 |
| 2020-06-10 | CVE-2020-4434 | Classic Buffer Overflow vulnerability in IBM products Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. | 7.5 |
| 2020-06-10 | CVE-2020-4433 | Out-of-bounds Write vulnerability in IBM products Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 7.5 |