Vulnerabilities > IBM > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-12-03 | CVE-2019-4130 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud Pak System 2.3/2.3.0.1 | IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | network | low complexity | ibm | CWE-434 | 8.8 |
| 2019-11-26 | CVE-2019-4387 | SQL Injection vulnerability in IBM Sterling B2B Integrator 6.0.0.0/6.0.0.1/6.0.2.0 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. | network | low complexity | ibm | CWE-89 | 8.8 |
| 2019-11-20 | CVE-2019-4561 | Deserialization of Untrusted Data vulnerability in IBM Security Identity Manager 6.0.0 | IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | network | low complexity | ibm | CWE-502 | 8.8 |
| 2019-11-12 | CVE-2019-4652 | Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. | local | low complexity | ibm | CWE-276 | 7.1 |
| 2019-11-09 | CVE-2018-1721 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-91 | 8.8 |
| 2019-10-29 | CVE-2019-4546 | Improper Privilege Management vulnerability in IBM products | After installing the IBM Maximo Health, Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. | network | low complexity | ibm | CWE-269 | 8.8 |
| 2019-10-29 | CVE-2019-4339 | Inadequate Encryption Strength vulnerability in IBM Security Guardium Big Data Intelligence 4.0 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm | CWE-326 | 7.5 |
| 2019-10-29 | CVE-2019-4314 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Big Data Intelligence 4.0 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. | network | low complexity | ibm | CWE-312 | 7.5 |
| 2019-10-25 | CVE-2019-4399 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud Orchestrator | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm | CWE-327 | 7.5 |
| 2019-10-25 | CVE-2019-4036 | Unspecified vulnerability in IBM Security Access Manager | IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. | network | low complexity | ibm | | 7.5 |