CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1268
https://notcve.org/view.php?id=CVE-2017-1268
13 Dec 2018 — IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743. IBM Security Guardium 10 y 10.5 emplea un hash criptográfico en un sentido contra una entrada que no debería ser reversible, como una contraseña, pero el software tampoco emplea una sal como parte de la entrada. IBM X-Force ID: 124743. • http://www.securityfocus.com/bid/106339 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1498
https://notcve.org/view.php?id=CVE-2018-1498
02 Oct 2018 — IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. IBM Security Guardium EcoSystem 10.5 almacena las credenciales de usuario en formato de texto plano, por lo que podrían ser leídos por un usuario local. IBM X-Force ID: 141223. • http://www.securitytracker.com/id/1041763 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1509
https://notcve.org/view.php?id=CVE-2018-1509
02 Oct 2018 — IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417. IBM Security Guardium EcoSystem 10.5 no valida, o valida incorrectamente, un certificado. ... • http://www.ibm.com/support/docview.wss?uid=ibm10730321 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1370
https://notcve.org/view.php?id=CVE-2018-1370
29 May 2018 — IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 especifica permisos para un recurso crítico para la seguridad de forma que permite que ese recurso sea leído o modificado por actores no planeados. IBM X-Force ID: 137769. • http://www.ibm.com/support/docview.wss?uid=swg22016132 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1376
https://notcve.org/view.php?id=CVE-2018-1376
29 May 2018 — IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz ... • http://www.ibm.com/support/docview.wss?uid=swg22016512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1375
https://notcve.org/view.php?id=CVE-2018-1375
29 May 2018 — IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 no renueva una variable de sesión tras una autenticación exitosa. Esto podría desembocar en una vulnerabilidad de fijación/secuestro de sesión. • http://www.ibm.com/support/docview.wss?uid=swg22016513 • CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1369
https://notcve.org/view.php?id=CVE-2018-1369
29 May 2018 — IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 almacena información sensible en parámetros de URL. Esto podría llevar a una divulgación de información si partes no autorizadas tienen acceso a las URL mediante registros del servidor,... • http://www.ibm.com/support/docview.wss?uid=swg22016131 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1768
https://notcve.org/view.php?id=CVE-2017-1768
29 May 2018 — IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 genera un mensaje de error que incluye información sensible sobre su entorno, usuarios o datos asociados. IBM X-Force ID: 136471. • http://www.ibm.com/support/docview.wss?uid=swg22016515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1255
https://notcve.org/view.php?id=CVE-2017-1255
02 May 2018 — IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4 utiliza algoritmos criptográficos más débiles que lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 124675. • http://www.ibm.com/support/docview.wss?uid=swg22014537 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1601
https://notcve.org/view.php?id=CVE-2017-1601
02 May 2018 — IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. En IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4, Database Activity Monitor no pide que los usuarios tengan contraseñas fuertes por defecto, lo que hace que sea más fácil que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 132624. • http://www.ibm.com/support/docview.wss?uid=swg22014230 • CWE-521: Weak Password Requirements •