Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-17 | CVE-2020-4464 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. | 8.8 |
| 2020-07-16 | CVE-2020-4462 | XXE vulnerability in IBM products IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2020-07-14 | CVE-2020-4512 | OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | 7.2 |
| 2020-07-13 | CVE-2019-4591 | Session Fixation vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 7.8 |
| 2020-07-09 | CVE-2020-4305 | Deserialization of Untrusted Data vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |
| 2020-07-01 | CVE-2020-4420 | Improper Resource Shutdown or Release vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. | 7.5 |
| 2020-07-01 | CVE-2020-4363 | Classic Buffer Overflow vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2020-07-01 | CVE-2019-4676 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2 IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2020-06-29 | CVE-2020-4452 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-06-16 | CVE-2020-4310 | Unspecified vulnerability in IBM MQ and Websphere MQ IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. | 7.5 |