Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-4270 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. | 7.8 |
| 2020-04-15 | CVE-2020-4269 | Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2020-04-10 | CVE-2020-4362 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. | 8.8 |
| 2020-04-03 | CVE-2020-4273 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. | 7.8 |
| 2020-03-31 | CVE-2020-4242 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4241 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4238 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-03-31 | CVE-2020-4237 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-03-31 | CVE-2020-4214 | Improper Input Validation vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. | 7.5 |
| 2020-03-31 | CVE-2020-4206 | OS Command Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. | 8.8 |