Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-28 | CVE-2019-4639 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Secret Server 10.6/10.7 | IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2020-01-28 | CVE-2019-4620 | Improper Input Validation vulnerability in IBM MQ Appliance | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. | 7.8 |
2020-01-10 | CVE-2019-4508 | Insufficiently Protected Credentials vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. | 7.8 |
2019-12-20 | CVE-2018-1934 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Business Intelligence 10.2.2 | IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2019-12-18 | CVE-2019-4609 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7 | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2019-12-12 | CVE-2019-4606 | Untrusted Search Path vulnerability in IBM DB2 High Performance Unload Load | IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. | 7.8 |
2019-12-11 | CVE-2019-4715 | OS Command Injection vulnerability in IBM Spectrum Scale | IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
2019-12-09 | CVE-2019-4612 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0 | IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. | 8.8 |
2019-12-03 | CVE-2019-4130 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 | IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | 8.8 |
2019-11-26 | CVE-2019-4387 | SQL Injection vulnerability in IBM Sterling B2B Integrator 6.0.0.0/6.0.0.1/6.0.2.0 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. | 8.8 |