Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-19 | CVE-2020-4135 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. | 7.5 |
| 2020-02-13 | CVE-2019-4592 | Unspecified vulnerability in IBM Tivoli Monitoring 6.3.0.7.10/6.3.0.7.3 IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. | 7.5 |
| 2020-02-12 | CVE-2019-4427 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud CLI IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. | 7.5 |
| 2020-02-11 | CVE-2013-0517 | OS Command Injection vulnerability in IBM Sterling External Authentication Server A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. | 7.8 |
| 2020-02-05 | CVE-2015-0102 | Improper Authentication vulnerability in IBM Workflow IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 8.1 |
| 2020-02-05 | CVE-2019-4613 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2020-02-05 | CVE-2013-0507 | Session Fixation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | 8.1 |
| 2020-02-04 | CVE-2020-4163 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. | 7.2 |
| 2020-02-04 | CVE-2019-4541 | Unspecified vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 7.2 |
| 2020-02-04 | CVE-2019-4540 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |