Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-4432 | Command Injection vulnerability in IBM products Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. | 7.5 |
| 2020-06-08 | CVE-2020-4529 | Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1.0 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). | 7.4 |
| 2020-06-05 | CVE-2020-4449 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. | 7.5 |
| 2020-06-05 | CVE-2020-4229 | Session Fixation vulnerability in IBM Mobile Foundation 8.0.0.0 IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. | 7.3 |
| 2020-06-04 | CVE-2020-4509 | XXE vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0 IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.6 |
| 2020-06-03 | CVE-2020-4180 | OS Command Injection vulnerability in IBM Security Guardium 11.1 IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-06-02 | CVE-2020-4367 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Planning Analytics Local IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-05-29 | CVE-2020-4352 | Unspecified vulnerability in IBM MQ for HPE Nonstop 8.0.4/8.1.0 IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. | 7.0 |
| 2020-05-28 | CVE-2020-4246 | XXE vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2020-05-28 | CVE-2020-4245 | Weak Password Requirements vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |