Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-21 | CVE-2012-6277 | Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | 7.8 |
| 2020-02-20 | CVE-2019-4752 | SQL Injection vulnerability in IBM products IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. | 8.8 |
| 2020-02-19 | CVE-2020-4204 | Classic Buffer Overflow vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2020-02-19 | CVE-2020-4135 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. | 7.5 |
| 2020-02-13 | CVE-2019-4592 | Unspecified vulnerability in IBM Tivoli Monitoring 6.3.0.7.10/6.3.0.7.3 IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. | 7.5 |
| 2020-02-12 | CVE-2019-4427 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud CLI IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. | 7.5 |
| 2020-02-11 | CVE-2013-0517 | OS Command Injection vulnerability in IBM Sterling External Authentication Server A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. | 7.8 |
| 2020-02-05 | CVE-2015-0102 | Improper Authentication vulnerability in IBM Workflow IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 8.1 |
| 2020-02-05 | CVE-2019-4613 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-02-05 | CVE-2013-0507 | Session Fixation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | 8.1 |