CVE-2021-38972
https://notcve.org/view.php?id=CVE-2021-38972
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. • https://exchange.xforce.ibmcloud.com/vulnerabilities/212775 https://www.ibm.com/support/pages/node/6515530 • CWE-20: Improper Input Validation
CVE-2021-29735
https://notcve.org/view.php?id=CVE-2021-29735
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201239 https://www.ibm.com/support/pages/node/6514007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-20377
https://notcve.org/view.php?id=CVE-2021-20377
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. • https://exchange.xforce.ibmcloud.com/vulnerabilities/195569 https://www.ibm.com/support/pages/node/6491125 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2020-4690
https://notcve.org/view.php?id=CVE-2020-4690
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186697 https://www.ibm.com/support/pages/node/6491125 • CWE-798: Use of Hard-coded Credentials
CVE-2021-29773
https://notcve.org/view.php?id=CVE-2021-29773
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865. • https://exchange.xforce.ibmcloud.com/vulnerabilities/202865 https://www.ibm.com/support/pages/node/6488943 • CWE-639: Authorization Bypass Through User-Controlled Key