CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4338
https://notcve.org/view.php?id=CVE-2019-4338
20 Aug 2019 — IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) no restringe correctamente el tamaño o la cantidad de recursos solicitados o influenciados por un actor. Esta debilidad se puede utilizar para consumir más recursos de los previstos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161417 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4310
https://notcve.org/view.php?id=CVE-2019-4310
20 Aug 2019 — IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto forzar credenciales de cuenta. ID de IBM X-Force: 161036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161036 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-4292
https://notcve.org/view.php?id=CVE-2019-4292
02 Jul 2019 — IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698. Security Guardium versión 10.5 de IBM, podría permitir a un atacante remoto cargar archivos arbitrarios, que podría permitir al atacante ejecutar código arbitrario en el servidor web vulnerable. ID de IBM X-Force: 160698. • http://www.securityfocus.com/bid/109005 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1265
https://notcve.org/view.php?id=CVE-2017-1265
17 Dec 2018 — IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740. IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4 y 10.5 no valida, o lo hace incorrectamente, un certificado. Esta debilidad podría permitir que un atacante suplante una entidad de confianza mediante técnicas Man-in-the-Middl... • http://www.securityfocus.com/bid/106234 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1597
https://notcve.org/view.php?id=CVE-2017-1597
17 Dec 2018 — IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4 y 10.5 Database Activity Monitor no requiere que los usuarios tengan contraseñas fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: ... • http://www.securityfocus.com/bid/106236 • CWE-521: Weak Password Requirements •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1889
https://notcve.org/view.php?id=CVE-2018-1889
17 Dec 2018 — IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080. IBM Security Guardium 10.0 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionali... • http://www.securityfocus.com/bid/106231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1891
https://notcve.org/view.php?id=CVE-2018-1891
17 Dec 2018 — IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidade... • http://www.securityfocus.com/bid/106239 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1272
https://notcve.org/view.php?id=CVE-2017-1272
17 Dec 2018 — IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747. IBM Security Guardium 10.0 y 10.5 almacena información sensible en parámetros de URL. • http://www.securityfocus.com/bid/106237 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1817
https://notcve.org/view.php?id=CVE-2018-1817
13 Dec 2018 — IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidade... • https://exchange.xforce.ibmcloud.com/vulnerabilities/150021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1818
https://notcve.org/view.php?id=CVE-2018-1818
13 Dec 2018 — IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022. IBM Security Guardium 10 y 10.5 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Forc... • https://exchange.xforce.ibmcloud.com/vulnerabilities/150022 • CWE-798: Use of Hard-coded Credentials •