CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-29735
https://notcve.org/view.php?id=CVE-2021-29735
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Guardium versiones 10.5, 10.6, 11.0, 11.1, 11.2 y 11.3, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable • https://exchange.xforce.ibmcloud.com/vulnerabilities/201239 https://www.ibm.com/support/pages/node/6514007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20377
https://notcve.org/view.php?id=CVE-2021-20377
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. IBM Security Guardium versión 11.3, podría permitir a un atacante remoto conseguir información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en otros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/195569 https://www.ibm.com/support/pages/node/6491125 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4690
https://notcve.org/view.php?id=CVE-2020-4690
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. IBM Security Guardium versión 11.3, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, la comunicación de salida con componentes externos o el cifrado de datos internos. IBM X-Force ID: 186697 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186697 https://www.ibm.com/support/pages/node/6491125 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29773
https://notcve.org/view.php?id=CVE-2021-29773
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865. IBM Security Guardium versiones 10.6 y 11.3, podría permitir a un atacante autenticado remoto conseguir información confidencial o modificar los detalles del usuario causado por una vulnerabilidad de objeto directo no seguro (IDOR). IBM X-Force ID: 202865 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202865 https://www.ibm.com/support/pages/node/6488943 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20433
https://notcve.org/view.php?id=CVE-2021-20433
IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. IBM Security Guardium versión 11.3, podría permitir a un usuario autenticado conseguir información confidencial que podría ser usada en otros ataques contra el sistema. IBM X-Force ID: 196345 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196345 https://www.ibm.com/support/pages/node/6488941 •