CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1891
https://notcve.org/view.php?id=CVE-2018-1891
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106239 https://exchange.xforce.ibmcloud.com/vulnerabilities/152082 https://www.ibm.com/support/docview.wss?uid=ibm10742865 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1268
https://notcve.org/view.php?id=CVE-2017-1268
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743. IBM Security Guardium 10 y 10.5 emplea un hash criptográfico en un sentido contra una entrada que no debería ser reversible, como una contraseña, pero el software tampoco emplea una sal como parte de la entrada. IBM X-Force ID: 124743. • http://www.securityfocus.com/bid/106339 https://exchange.xforce.ibmcloud.com/vulnerabilities/124743 https://www.ibm.com/support/docview.wss?uid=ibm10737077 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1817
https://notcve.org/view.php?id=CVE-2018-1817
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150021 https://www.ibm.com/support/docview.wss?uid=ibm10737069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1818
https://notcve.org/view.php?id=CVE-2018-1818
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022. IBM Security Guardium 10 y 10.5 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 150022. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150022 https://www.ibm.com/support/docview.wss?uid=ibm10737073 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1601
https://notcve.org/view.php?id=CVE-2017-1601
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. En IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4, Database Activity Monitor no pide que los usuarios tengan contraseñas fuertes por defecto, lo que hace que sea más fácil que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 132624. • http://www.ibm.com/support/docview.wss?uid=swg22014230 http://www.securitytracker.com/id/1040899 https://exchange.xforce.ibmcloud.com/vulnerabilities/132624 • CWE-521: Weak Password Requirements •