Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-17 | CVE-2019-4175 | Inadequate Encryption Strength vulnerability in IBM Cognos Controller 10.4.0/10.4.1 IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-09-16 | CVE-2019-4147 | SQL Injection vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. | 7.2 |
| 2019-09-05 | CVE-2019-4321 | Weak Password Requirements vulnerability in IBM products IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2019-08-26 | CVE-2019-4513 | XXE vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-26 | CVE-2019-4448 | Improper Privilege Management vulnerability in IBM DB2 High Performance Unload Load 6.1/6.1.0.1/6.1.0.2 IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. | 7.8 |
| 2019-08-26 | CVE-2019-4447 | Uncontrolled Search Path Element vulnerability in IBM DB2 High Performance Unload Load 6.1/6.1.0.1/6.1.0.2 IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. | 7.8 |
| 2019-08-20 | CVE-2019-4424 | XXE vulnerability in IBM Business Process Manager IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-20 | CVE-2019-4340 | XXE vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-20 | CVE-2019-4338 | Allocation of Resources Without Limits or Throttling vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. | 7.5 |
| 2019-08-20 | CVE-2019-4460 | Path Traversal vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. | 7.5 |