Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-03 | CVE-2020-4550 | Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1/9.2.2 IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 7.8 |
| 2020-08-03 | CVE-2020-4549 | Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1 IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 7.8 |
| 2020-08-03 | CVE-2020-4534 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. | 8.8 |
| 2020-07-30 | CVE-2020-4185 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium 10.5/10.6/11.1 IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-07-29 | CVE-2020-4574 | Weak Password Requirements vulnerability in IBM Security KEY Lifecycle Manager 3.0.1/4.0 IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2020-07-29 | CVE-2020-4463 | XXE vulnerability in IBM Maximo Asset Management 7.6.0.1/7.6.0.2 IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2020-07-28 | CVE-2020-4375 | Memory Leak vulnerability in IBM MQ Appliance IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. | 7.5 |
| 2020-07-22 | CVE-2020-4400 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2020-07-22 | CVE-2020-4372 | Insufficiently Protected Credentials vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2020-07-20 | CVE-2020-4125 | Download of Code Without Integrity Check vulnerability in IBM Marketing Operations Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information. | 8.1 |