Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-24 | CVE-2019-4553 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-03-09 | CVE-2020-4217 | Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Spectrum Scale The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. | 7.5 |
| 2020-03-05 | CVE-2020-4278 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. | 7.8 |
| 2020-03-02 | CVE-2020-4283 | Use of Hard-coded Credentials vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 8.6 |
| 2020-02-25 | CVE-2019-4557 | Inadequate Encryption Strength vulnerability in IBM Qradar Advisor 1.1/2.5.0 IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-02-21 | CVE-2012-6277 | Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | 7.8 |
| 2020-02-20 | CVE-2019-4752 | SQL Injection vulnerability in IBM products IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. | 8.8 |
| 2020-02-19 | CVE-2020-4204 | Classic Buffer Overflow vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2020-02-19 | CVE-2020-4135 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. | 7.5 |
| 2020-02-13 | CVE-2019-4592 | Unspecified vulnerability in IBM Tivoli Monitoring 6.3.0.7.10/6.3.0.7.3 IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. | 7.5 |