Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2020-4257 | Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1 IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 7.8 |
| 2020-04-24 | CVE-2019-4750 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud APP Management 2019.3.0/2019.4.0 IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-04-23 | CVE-2020-4311 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Monitoring 6.3.0 IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. | 7.0 |
| 2020-04-23 | CVE-2020-4202 | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). | 8.8 |
| 2020-04-17 | CVE-2020-4277 | Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform 3.5.3/3.6.1.0 IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. | 7.5 |
| 2020-04-16 | CVE-2020-4347 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. | 7.3 |
| 2020-04-16 | CVE-2019-4762 | Unspecified vulnerability in IBM MQ IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. | 7.5 |
| 2020-04-15 | CVE-2020-4272 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. | 8.8 |
| 2020-04-15 | CVE-2020-4270 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. | 7.8 |
| 2020-04-15 | CVE-2020-4269 | Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |