CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26270 – IBM Security Guardium Data Encryption code execution
https://notcve.org/view.php?id=CVE-2023-26270
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248119 https://www.ibm.com/support/pages/node/6995161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26271 – IBM Security Guardium Data Encryption information disclosure
https://notcve.org/view.php?id=CVE-2023-26271
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto forzar las credenciales de la cuenta. IBM X-Force ID: 248126. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248126 https://www.ibm.com/support/pages/node/6995161 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26272 – IBM Security Guardium Data Encryption information disclosure
https://notcve.org/view.php?id=CVE-2023-26272
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría utilizarse en ataques posteriores contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248133 https://www.ibm.com/support/pages/node/6995161 • CWE-209: Generation of Error Message Containing Sensitive Information •