Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-4270 Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions.
local
low complexity
ibm CWE-276
7.8
2020-04-15 CVE-2020-4269 Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
2020-04-10 CVE-2020-4362 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.
network
low complexity
ibm
8.8
2020-04-03 CVE-2020-4273 Unspecified vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input.
local
low complexity
ibm
7.8
2020-03-31 CVE-2020-4242 OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-78
8.8
2020-03-31 CVE-2020-4241 OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-78
8.8
2020-03-31 CVE-2020-4238 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2020-03-31 CVE-2020-4237 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2020-03-31 CVE-2020-4214 Improper Input Validation vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-20
7.5
2020-03-31 CVE-2020-4206 OS Command Injection vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-78
8.8