Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-09 CVE-2020-4305 Deserialization of Untrusted Data vulnerability in IBM products
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data.
network
low complexity
ibm CWE-502
8.8
2020-07-01 CVE-2020-4420 Improper Resource Shutdown or Release vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command.
network
low complexity
ibm CWE-404
7.5
2020-07-01 CVE-2020-4363 Classic Buffer Overflow vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
local
low complexity
ibm CWE-120
7.8
2020-07-01 CVE-2019-4676 Cleartext Storage of Sensitive Information vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-312
7.8
2020-06-29 CVE-2020-4452 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect
IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2020-06-16 CVE-2020-4310 Unspecified vulnerability in IBM MQ and Websphere MQ
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic.
network
low complexity
ibm
7.5
2020-06-15 CVE-2020-4494 Improper Authentication vulnerability in IBM products
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources.
network
low complexity
ibm CWE-287
7.5
2020-06-15 CVE-2020-4470 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.0
2020-06-10 CVE-2020-4436 Classic Buffer Overflow vulnerability in IBM products
Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service.
network
high complexity
ibm CWE-120
7.5
2020-06-10 CVE-2020-4435 Out-of-bounds Write vulnerability in IBM products
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service.
network
high complexity
ibm CWE-787
7.5