CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4680
https://notcve.org/view.php?id=CVE-2020-4680
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. IBM Security Guardium versión 11.2, es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186426 https://www.ibm.com/support/pages/node/6346884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4679
https://notcve.org/view.php?id=CVE-2020-4679
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424. IBM Security Guardium versión 11.2, es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186424 https://www.ibm.com/support/pages/node/6346884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4678
https://notcve.org/view.php?id=CVE-2020-4678
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. IBM Security Guardium versión 11.2, podría permitir a un atacante con acceso de administrador conseguir y leer archivos a los que normalmente no tendría acceso. IBM X-Force ID: 186423 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186423 https://www.ibm.com/support/pages/node/6346884 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4603
https://notcve.org/view.php?id=CVE-2020-4603
IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. IBM Security Guardium Insights versión 2.0.1, lleva a cabo una operación en un nivel de privilegio superior al nivel mínimo requerido, lo que crea nuevas debilidades o amplifica las consecuencias de otras debilidades. IBM X-Force ID: 184880 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184880 https://www.ibm.com/support/pages/node/6323297 • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4175
https://notcve.org/view.php?id=CVE-2020-4175
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684. IBM Security Guardium Insights versión 2.0.1, podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información confidencial usando técnicas de tipo man in the middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/174684 https://www.ibm.com/support/pages/node/6323297 • CWE-862: Missing Authorization •