Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-10 | CVE-2020-4362 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. | 8.8 |
| 2020-04-03 | CVE-2020-4273 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. | 7.8 |
| 2020-03-31 | CVE-2020-4242 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4241 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4238 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-03-31 | CVE-2020-4237 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-03-31 | CVE-2020-4214 | Improper Input Validation vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. | 7.5 |
| 2020-03-31 | CVE-2020-4206 | OS Command Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. | 8.8 |
| 2020-03-26 | CVE-2020-4276 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. | 7.5 |
| 2020-03-24 | CVE-2020-4253 | Insufficient Session Expiration vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |