Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-29 | CVE-2019-4314 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. | 7.5 |
| 2019-10-25 | CVE-2019-4399 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-10-25 | CVE-2019-4036 | Unspecified vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. | 7.5 |
| 2019-10-22 | CVE-2019-4523 | Classic Buffer Overflow vulnerability in IBM DB2 High Performance Unload Load 6.1/6.5 IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2019-10-16 | CVE-2019-4031 | Unspecified vulnerability in IBM Tivoli Workload Scheduler IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. | 7.8 |
| 2019-10-09 | CVE-2019-4558 | Injection vulnerability in IBM Spectrum Scale A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | 7.8 |
| 2019-10-04 | CVE-2019-4227 | Session Fixation vulnerability in IBM MQ IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. | 7.3 |
| 2019-10-03 | CVE-2019-4422 | Unspecified vulnerability in IBM Security Guardium IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. | 8.8 |
| 2019-10-02 | CVE-2019-4539 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. | 7.1 |
| 2019-10-02 | CVE-2019-4538 | Open Redirect vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 8.2 |