Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2019-4175 Inadequate Encryption Strength vulnerability in IBM Cognos Controller 10.4.0/10.4.1
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2019-09-16 CVE-2019-4147 SQL Injection vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.2
2019-09-05 CVE-2019-4321 Weak Password Requirements vulnerability in IBM products
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2019-08-26 CVE-2019-4513 XXE vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2019-08-26 CVE-2019-4448 Improper Privilege Management vulnerability in IBM DB2 High Performance Unload Load 6.1/6.1.0.1/6.1.0.2
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context.
local
low complexity
ibm CWE-269
7.8
2019-08-26 CVE-2019-4447 Uncontrolled Search Path Element vulnerability in IBM DB2 High Performance Unload Load 6.1/6.1.0.1/6.1.0.2
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable.
local
low complexity
ibm CWE-427
7.8
2019-08-20 CVE-2019-4424 XXE vulnerability in IBM Business Process Manager
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2019-08-20 CVE-2019-4340 XXE vulnerability in IBM Security Guardium BIG Data Intelligence 4.0
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2019-08-20 CVE-2019-4338 Allocation of Resources Without Limits or Throttling vulnerability in IBM Security Guardium BIG Data Intelligence 4.0
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor.
network
low complexity
ibm CWE-770
7.5
2019-08-20 CVE-2019-4460 Path Traversal vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5