4 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

10 May 2022 — IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862. IBM Guardium Data Encryption (GDE) versiones 4.0.0.0 y 5.0.0.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

06 May 2022 — IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. IBM Guardium Data Encryption (GDE) versiones 4.0.0 y 5.0.0, prepara un mensaje estructurado para la comunicación con otro componente, pero la codificación o el escape de los datos falta o se realiza de forma incorrecta. ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213865 • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

10 Mar 2022 — IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. IBM Guardium Data Encryption (GDE) versiones 4.0.0.0 y 5.0.0.0, podría revelar información de la dirección IP interna cuando el backend web no está habilitado. BM X-Force 213863 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213863 •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

10 Mar 2022 — IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858. IBM Guardium Data Encryption (GDE) versiones 4.0.0.0 y 5.0.0.0, guarda la información proporcionada por el usuario en un archivo de valores separados por comas (CSV), pero no neutraliza o neutraliza in... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213858 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •