CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1891
https://notcve.org/view.php?id=CVE-2018-1891
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106239 https://exchange.xforce.ibmcloud.com/vulnerabilities/152082 https://www.ibm.com/support/docview.wss?uid=ibm10742865 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1268
https://notcve.org/view.php?id=CVE-2017-1268
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743. IBM Security Guardium 10 y 10.5 emplea un hash criptográfico en un sentido contra una entrada que no debería ser reversible, como una contraseña, pero el software tampoco emplea una sal como parte de la entrada. IBM X-Force ID: 124743. • http://www.securityfocus.com/bid/106339 https://exchange.xforce.ibmcloud.com/vulnerabilities/124743 https://www.ibm.com/support/docview.wss?uid=ibm10737077 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1817
https://notcve.org/view.php?id=CVE-2018-1817
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150021 https://www.ibm.com/support/docview.wss?uid=ibm10737069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1818
https://notcve.org/view.php?id=CVE-2018-1818
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022. IBM Security Guardium 10 y 10.5 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 150022. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150022 https://www.ibm.com/support/docview.wss?uid=ibm10737073 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1255
https://notcve.org/view.php?id=CVE-2017-1255
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4 utiliza algoritmos criptográficos más débiles que lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 124675. • http://www.ibm.com/support/docview.wss?uid=swg22014537 https://exchange.xforce.ibmcloud.com/vulnerabilities/124675 • CWE-326: Inadequate Encryption Strength •