Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-16 | CVE-2020-4347 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. | 7.3 |
| 2020-04-16 | CVE-2019-4762 | Unspecified vulnerability in IBM MQ IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. | 7.5 |
| 2020-04-15 | CVE-2020-4272 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. | 8.8 |
| 2020-04-15 | CVE-2020-4270 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. | 7.8 |
| 2020-04-15 | CVE-2020-4269 | Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2020-04-10 | CVE-2020-4362 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. | 8.8 |
| 2020-04-03 | CVE-2020-4273 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. | 7.8 |
| 2020-03-31 | CVE-2020-4242 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4241 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4238 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |