Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-20 | CVE-2019-4402 | Unspecified vulnerability in IBM API Connect: IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. | 7.5 |
2019-08-20 | CVE-2019-4310 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 4.0: IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2019-08-20 | CVE-2019-4294 | OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance: IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. | 7.8 |
2019-08-20 | CVE-2019-4253 | Unspecified vulnerability in IBM Informix Dynamic Server 12.10: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. | 7.8 |
2019-08-20 | CVE-2019-4117 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud Private: IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2019-08-20 | CVE-2018-1796 | Unspecified vulnerability in IBM Informix Dynamic Server 12.10: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. | 7.8 |
2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products: CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | 7.8 |
2019-08-05 | CVE-2019-4473 | Uncontrolled Search Path Element vulnerability in IBM Java 7.0.0.0/7.1.4.50/8.0: Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. | 7.8 |
2019-08-02 | CVE-2018-1987 | Improper Authentication vulnerability in IBM Data Protection: In IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. | 7.8 |
2019-07-31 | CVE-2019-4165 | Unspecified vulnerability in IBM Storediq: IBM StoreIQ 7.6.0.0. | 7.5 |