Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-20 | CVE-2019-4561 | Deserialization of Untrusted Data vulnerability in IBM Security Identity Manager 6.0.0 IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |
2019-11-12 | CVE-2019-4652 | Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. | 7.1 |
2019-11-09 | CVE-2018-1721 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.8 |
2019-10-29 | CVE-2019-4546 | Improper Privilege Management vulnerability in IBM products After installing the IBM Maximo Health, Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. | 8.8 |
2019-10-29 | CVE-2019-4339 | Inadequate Encryption Strength vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2019-10-29 | CVE-2019-4314 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. | 7.5 |
2019-10-25 | CVE-2019-4399 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2019-10-25 | CVE-2019-4036 | Unspecified vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. | 7.5 |
2019-10-22 | CVE-2019-4523 | Classic Buffer Overflow vulnerability in IBM DB2 High Performance Unload Load 6.1/6.5 IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
2019-10-16 | CVE-2019-4031 | Unspecified vulnerability in IBM Tivoli Workload Scheduler IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. | 7.8 |