Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-22 | CVE-2019-4523 | Classic Buffer Overflow vulnerability in IBM DB2 High Performance Unload Load 6.1/6.5 IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | 7.8 |
| 2019-10-16 | CVE-2019-4031 | Unspecified vulnerability in IBM Tivoli Workload Scheduler IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. | 7.8 |
| 2019-10-09 | CVE-2019-4558 | Injection vulnerability in IBM Spectrum Scale A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | 7.8 |
| 2019-10-04 | CVE-2019-4227 | Session Fixation vulnerability in IBM MQ IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. | 7.3 |
| 2019-10-03 | CVE-2019-4422 | Unspecified vulnerability in IBM Security Guardium IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. | 8.8 |
| 2019-10-02 | CVE-2019-4539 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. | 7.1 |
| 2019-10-02 | CVE-2019-4538 | Open Redirect vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 8.2 |
| 2019-10-02 | CVE-2019-4520 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2019-09-20 | CVE-2019-4565 | Weak Password Requirements vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2019-09-17 | CVE-2019-4183 | Resource Exhaustion vulnerability in multiple products IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. | 7.5 |